modify a few things

Neale Pickett 2011-09-16 10:08:07 -06:00
commit 9ee99a6334
3 changed files with 40 additions and 56 deletions


@ -3,53 +3,27 @@ local=/ctf/
no-hosts
domain=ctf
dhcp-authoritative
dhcp-range=10.0.1.10,10.0.1.254
dhcp-range=10.1.1.10,10.1.1.254
dhcp-range=10.2.1.10,10.2.1.254
dhcp-range=10.3.1.10,10.3.1.254
dhcp-range=10.4.1.10,10.4.1.254
dhcp-range=10.5.1.10,10.5.1.254
dhcp-range=10.6.1.10,10.6.1.254
dhcp-range=10.7.1.10,10.7.1.254
dhcp-range=10.8.1.10,10.8.1.254
dhcp-range=10.9.1.10,10.9.1.254
dhcp-range=10.10.1.10,10.10.1.254
dhcp-range=10.11.1.10,10.11.1.254
dhcp-range=10.12.1.10,10.12.1.254
dhcp-range=10.13.1.10,10.13.1.254
dhcp-range=10.14.1.10,10.14.1.254
dhcp-range=10.15.1.10,10.15.1.254
dhcp-range=10.16.1.10,10.16.1.254
dhcp-range=10.17.1.10,10.17.1.254
dhcp-range=10.18.1.10,10.18.1.254
dhcp-range=10.19.1.10,10.19.1.254
dhcp-range=10.20.1.10,10.20.1.254
dhcp-range=10.21.1.10,10.21.1.254
dhcp-range=10.22.1.10,10.22.1.254
dhcp-range=10.23.1.10,10.23.1.254
dhcp-range=10.24.1.10,10.24.1.254
dhcp-range=10.25.1.10,10.25.1.254
dhcp-range=10.26.1.10,10.26.1.254
dhcp-range=10.27.1.10,10.27.1.254
dhcp-range=10.28.1.10,10.28.1.254
dhcp-range=10.29.1.10,10.29.1.254
dhcp-range=10.30.1.10,10.30.1.254
dhcp-range=10.31.1.10,10.31.1.254
dhcp-range=10.32.1.10,10.32.1.254
dhcp-range=10.33.1.10,10.33.1.254
dhcp-range=10.34.1.10,10.34.1.254
dhcp-range=10.35.1.10,10.35.1.254
dhcp-range=10.36.1.10,10.36.1.254
dhcp-range=10.37.1.10,10.37.1.254
dhcp-range=10.38.1.10,10.38.1.254
dhcp-range=10.39.1.10,10.39.1.254
dhcp-range=10.40.1.10,10.40.1.254
dhcp-range=10.41.1.10,10.41.1.254
dhcp-range=10.42.1.10,10.42.1.254
dhcp-range=10.43.1.10,10.43.1.254
dhcp-range=10.44.1.10,10.44.1.254
dhcp-range=10.45.1.10,10.45.1.254
dhcp-range=10.46.1.10,10.46.1.254
dhcp-range=10.47.1.10,10.47.1.254
dhcp-range=10.48.1.10,10.48.1.254
dhcp-range=10.254.1.10,10.254.1.254
dhcp-range=vlan1,172.16.1.10,172.16.1.254
dhcp-range=vlan2,172.16.2.10,172.16.2.254
dhcp-range=vlan3,172.16.3.10,172.16.3.254
dhcp-range=vlan4,172.16.4.10,172.16.4.254
dhcp-range=vlan5,172.16.5.10,172.16.5.254
dhcp-range=vlan6,172.16.6.10,172.16.6.254
dhcp-range=vlan7,172.16.7.10,172.16.7.254
dhcp-range=vlan8,172.16.8.10,172.16.8.254
dhcp-range=vlan9,172.16.9.10,172.16.9.254
dhcp-range=vlan10,172.16.10.10,172.16.10.254
dhcp-range=vlan11,172.16.11.10,172.16.11.254
dhcp-range=vlan12,172.16.12.10,172.16.12.254
dhcp-range=vlan13,172.16.13.10,172.16.13.254
dhcp-range=vlan14,172.16.14.10,172.16.14.254
dhcp-range=vlan15,172.16.15.10,172.16.15.254
dhcp-range=vlan16,172.16.16.10,172.16.16.254
dhcp-range=vlan17,172.16.17.10,172.16.17.254
dhcp-range=vlan18,172.16.18.10,172.16.18.254
dhcp-range=vlan19,172.16.19.10,172.16.19.254
dhcp-range=vlan20,172.16.20.10,172.16.20.254
dhcp-range=vlan21,172.16.21.10,172.16.21.254
dhcp-range=vlan22,172.16.22.10,172.16.22.254
dhcp-range=vlan23,172.16.23.10,172.16.23.254
dhcp-range=vlan24,172.16.24.10,172.16.24.254
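Review bot: The bare `vlanN` first field on the new `dhcp-range` lines is undocumented and reads like an interface name, while the VLAN interfaces created in the router script on this page are named `eth0.N`. As far as I can tell dnsmasq treats that field as a tag label and still picks the range from the address of the interface the request arrived on, so a comment such as `# vlanN is a dnsmasq tag, not an interface; the range is chosen by eth0.N's 172.16.N.1/24 address` would prevent a wrong edit later. The list also has no range for the untagged 172.16.0.0/24 network that the router script appears to put on eth0; if clients there are meant to get no lease, say so in the same comment.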


@ -0,0 +1,3 @@
#! /bin/sh
exec socat -u udp-listen:27844 udp-datagram:172.16.24.255:27844,broadcast
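Review bot: The `udp-listen:27844` side has no `bind=` or `range=` option, so a datagram from any source that can reach the router on that port is rebroadcast to every host on 172.16.24.0/24. Restricting the listener to the address and sender network that are supposed to feed it would close that, for example `exec socat -u udp-recv:27844,bind=<LISTEN_ADDR>,range=<SENDER_CIDR> udp-datagram:172.16.24.255:27844,broadcast` (the two bracketed values are placeholders). I believe `udp-listen` without `fork` also locks onto the first sender and ignores later ones, which `udp-recv` avoids; worth confirming against the intended senders. A one-line comment saying what service uses port 27844 and why it is relayed only to the VLAN 24 broadcast address would help the next reader.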


@ -18,24 +18,31 @@ echo 0 > /proc/sys/net/ipv4/tcp_timestamps
echo 1 > /proc/sys/net/ipv4/icmp_errors_use_inbound_ifaddr
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
# Make a huge arp table, because this is a router
# and people like to run nmap
echo 8192 > /proc/sys/net/ipv4/neigh/default/gc_thresh3
echo 4096 > /proc/sys/net/ipv4/neigh/default/gc_thresh2
# No label: dnsmasq can't cope
ip addr add 10.0.0.1/16 dev eth0
ip addr add 172.16.0.1/24 dev eth0
ip addr add 172.30.73.1/24 dev eth0
ip link set eth0 up
for i in $(seq 48); do
for i in $(seq 24); do
ip link add link eth0 name eth0.$i type vlan id $i
ip addr add 10.$i.0.1/16 dev eth0.$i
ip addr add 172.16.$i.1/24 dev eth0.$i
ip link set eth0.$i up
done
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -A INPUT -p udp --dport 53 -j ACCEPT
iptables -A INPUT -p udp --dport 67:68 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A INPUT -s 10.0.0.0/16 -j ACCEPT
iptables -A INPUT -j REJECT
iptables -A INPUT -s 172.16.0.0/12 -j ACCEPT
iptables -P INPUT DROP
sleep 8100d
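Review bot: The `iptables -A INPUT -s 172.16.0.0/12 -j ACCEPT` rule admits every protocol and port on the router itself from all player VLANs, which makes the port-specific ACCEPT rules above it redundant and leaves any local listener, the UDP 27844 relay added in this commit included, open to the same people the ARP-table comment expects to be running nmap. The `+`/`-` markers are lost on this page, so I am reading this rule and `iptables -P INPUT DROP` as the new side. The match is on source address alone with no `-i`, so it trusts whatever address a packet claims. If the broad accept is only meant for an admin network, and 172.30.73.0/24 is that network, narrow it to something like `iptables -A INPUT -i eth0 -s 172.30.73.0/24 -j ACCEPT`; otherwise add a comment stating that players are deliberately allowed to reach all router services. The script begins before this hunk, so earlier rules may change the picture.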