forked from kohler/click
-
Notifications
You must be signed in to change notification settings - Fork 0
/
example.clgw
75 lines (67 loc) · 1.86 KB
/
example.clgw
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
#
# $Id: example.clgw,v 1.3 2004/04/14 19:54:42 max Exp $
#
# Script to be processed with click-mkclgw.pl, to make a click configuration
#
#
# Parameters - SNIFF determines whether we've enabled Sniffing devices
# (for tcpdump), LBNODES determines the number of load-balancer nodes
# to add on the consistent hash ring, and LBSEED is the random number
# generator seed.
#
{(param);
SNIFF 0;
LBNODES 129;
LBSEED 0xbadbeef;
}
#
# default internal and external IP addresses for the gateway
# to bind to. it will also be binding to other addresses.
#
{(default);
INTERNAL 10.0.0.1 10.0.0.0/17 00:07:e9:5d:79:51;
EXTERNAL 77.59.77.4 77.59.77.0/26 00:07:e9:5d:79:52;
NEXTHOP 00:01:30:88:cd:00;
INTDNS 10.0.12.20;
}
#
# All traffic on 10.0.30.0/24 will be NATed to 77.59.77.40
#
{(napt);
foo 77.59.77.40 10.0.30.1 10.0.30.0/24
}
#
# Up to now, the rule format has been {(<tag>); <rules> }
# The <tag>'s above are all reserved keywords used by the
# generation script.
#
# Below, the format used is {(ports); <rules> }
# Each rule set is associated with a set of TCP ports.
# For instance, a cluster might accept ssh and www connections.
# Or for individual holes in the firewall, maybe only certain
# types of TCP packets are let through.
#
#
# Reverse NAT; Each server stage[i] has a unique internal
# and external IP address. Let ssh and www in through the FW
#
{(ssh|www);
stage[0-3] 77.59.77.[20-23] 10.0.10.[10-13];
stage4 77.59.77.19 10.0.10.9
}
#
# Reverse NAT, but all ports are wide open (danger!!)
#
{(*);
grave 77.59.77.14 10.0.10.14
}
#
# ws[1-14] but ws2, ws3, and ws[5-7] are out of service.
# external address is 77.59.77.10
# internal mapped addresses are 10.0.11.[11-24]
# internal GW address is 10.0.11.1
# All traffic originating on 10.0.11.0/24 will be NATed to 77.59.77.10
#
{(www);
ws[1-14]/[2,3,5-7] 77.59.77.10 10.0.11.[11-24] 10.0.11.1 10.0.11.0/24
}