Justine

Interfaces

enp1s0

• HOME VLAN; untagged

ip link set enp1s0 up
ip addr replace 192.168.0.2/24 dev enp1s0
ip route add default via 192.168.0.1 dev enp1s0

mgmt@enp1s0

• MGMT VLAN; tagged VLAN 100

ip link add link enp1s0 name mgmt type vlan id 100
ip link set mgmt up
ip addr replace 192.168.100.2/24 dev mgmt

docker0

• 172.18.0.1/16

Set up automatically by docker.

Docker namespaces use virtual interface that gets bridged with docker0.

Routing

Forwarding

Enabled but packets dropped by default on firewall.

sysctl net.ipv4.ip_forward=1
iptables -P FORWARD DROP

Mullvad VPN outgoing traffic is MASQUERADEed for it to get Mullvad assigned internal IP.

# Mullvad gateway
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o mullvad -j MASQUERADE
iptables -t nat -A POSTROUTING -s 172.17.1.0/24 -o mullvad -j MASQUERADE

Allow traffic from Docker (IPHole) to be originating from justine IP if routed through default HOME VLAN gateway (caroline) - this is when VPN is turned off to keep DNS working.

# VPN gateway (used if mullvad is stopped)
iptables -t nat -A POSTROUTING -s 172.17.1.1/24 -o enp1s0 -j MASQUERADE

Local networks

Allow access to other local networks via caroline:

ip route add 192.168.0.0/16 dev enp1s0 via 192.168.0.1