Justine
Interfaces
enp1s0
- HOME VLAN; untagged
ip link set enp1s0 up
ip addr replace 192.168.0.2/24 dev enp1s0
ip route add default via 192.168.0.1 dev enp1s0
mgmt@enp1s0
- MGMT VLAN; tagged VLAN 100
ip link add link enp1s0 name mgmt type vlan id 100
ip link set mgmt up
ip addr replace 192.168.100.2/24 dev mgmt
docker0
- 172.18.0.1/16
Set up automatically by Docker.
Each container's network namespace gets a veth pair; the host end of the pair is attached to the docker0 bridge.
Routing
Forwarding
Forwarding is enabled in the kernel, but the firewall's FORWARD chain has a DROP policy, so forwarded packets are dropped unless an explicit ACCEPT rule matches them. The NAT rules below only rewrite the source address of packets that the FORWARD chain has already accepted.
sysctl net.ipv4.ip_forward=1
iptables -P FORWARD DROP
Outgoing traffic over the Mullvad VPN is MASQUERADEd so that it leaves with the Mullvad-assigned internal IP.
# Mullvad gateway
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o mullvad -j MASQUERADE
iptables -t nat -A POSTROUTING -s 172.17.1.0/24 -o mullvad -j MASQUERADE
Allow traffic from Docker (IPHole) to leave as justine's own IP when it is routed through the default HOME VLAN gateway (caroline). This is the path taken when the VPN is turned off, and it keeps DNS working.
# Home gateway fallback via enp1s0 (used if mullvad is stopped)
iptables -t nat -A POSTROUTING -s 172.17.1.0/24 -o enp1s0 -j MASQUERADE
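An added example (not part of these notes) that audits a firewall dump against the intended policy above: FORWARD policy DROP, exactly the three MASQUERADE rules listed, and nothing else in nat POSTROUTING. A stray rule that masquerades all traffic out of mullvad, or a policy flipped to ACCEPT, is reported as a failure. The dump here is constructed inline so the script runs offline; on justine itself, feed it `iptables-save` output instead (`audit "$(iptables-save)"`). Function names are my own.

```shell
#!/bin/sh
# Added example: audit iptables-save output against the justine NAT/forwarding design.
# The rule set below is taken from the notes; the dump is a constructed sample.

EXPECTED_NAT='-A POSTROUTING -s 192.168.0.0/24 -o mullvad -j MASQUERADE
-A POSTROUTING -s 172.17.1.0/24 -o mullvad -j MASQUERADE
-A POSTROUTING -s 172.17.1.0/24 -o enp1s0 -j MASQUERADE'

# Constructed stand-in for `iptables-save` on a correctly configured host.
sample_dump() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.0.0/24 -o mullvad -j MASQUERADE
-A POSTROUTING -s 172.17.1.0/24 -o mullvad -j MASQUERADE
-A POSTROUTING -s 172.17.1.0/24 -o enp1s0 -j MASQUERADE
COMMIT
EOF
}

# forward_policy DUMP -> prints the FORWARD chain policy (DROP/ACCEPT)
forward_policy() {
  printf '%s\n' "$1" | awk '$1 == ":FORWARD" { print $2; exit }'
}

# nat_postrouting DUMP -> prints every -A POSTROUTING line inside the *nat table
nat_postrouting() {
  printf '%s\n' "$1" | awk '
    $0 == "*nat"   { in_nat = 1; next }
    $0 == "COMMIT" { in_nat = 0 }
    in_nat && /^-A POSTROUTING / { print }'
}

# audit DUMP -> prints one line per check; return value is the number of failures
audit() {
  dump=$1
  fails=0
  if [ "$(forward_policy "$dump")" = DROP ]; then
    echo "ok   FORWARD policy is DROP"
  else
    echo "FAIL FORWARD policy is not DROP"; fails=$((fails + 1))
  fi
  actual=$(nat_postrouting "$dump")
  # Every intended rule must be present ...
  while read -r rule; do
    [ -n "$rule" ] || continue
    if printf '%s\n' "$actual" | grep -Fxq -- "$rule"; then
      echo "ok   $rule"
    else
      echo "FAIL missing: $rule"; fails=$((fails + 1))
    fi
  done <<EOF
$EXPECTED_NAT
EOF
  # ... and nothing else may masquerade (a catch-all -o mullvad rule would NAT subnets never meant for the VPN)
  while read -r rule; do
    [ -n "$rule" ] || continue
    printf '%s\n' "$EXPECTED_NAT" | grep -Fxq -- "$rule" ||
      { echo "FAIL unexpected: $rule"; fails=$((fails + 1)); }
  done <<EOF
$actual
EOF
  return $fails
}

audit "$(sample_dump)"
```

The checks are exact-line matches, so run `iptables-save` (not `iptables -L`) on the host: it prints rules in the same normalized form used above, which is also why the fallback rule is written with the network address `172.17.1.0/24`.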
Local networks
Allow access to other local networks via caroline. The directly connected subnets (192.168.0.0/24 on enp1s0 and 192.168.100.0/24 on mgmt) keep their more specific connected routes, which win over this /16 by longest-prefix match:
ip route add 192.168.0.0/16 dev enp1s0 via 192.168.0.1
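An added worked example (not part of these notes) of how the kernel picks between the /16 route above and the connected /24 routes: a small longest-prefix-match lookup in POSIX sh over a route table constructed from the interface and route commands in this document. Function names are my own; the table is a simplified stand-in for `ip route show`.

```shell
#!/bin/sh
# Added example: longest-prefix-match route selection for justine's routing table.
# Route table constructed from the interface addresses and route commands above
# (format: prefix/len nexthop dev; "-" means directly connected).
route_table() {
cat <<'EOF'
0.0.0.0/0 192.168.0.1 enp1s0
192.168.0.0/24 - enp1s0
192.168.100.0/24 - mgmt
172.18.0.0/16 - docker0
192.168.0.0/16 192.168.0.1 enp1s0
EOF
}

# ip2int A.B.C.D -> the address as a decimal integer
ip2int() {
  old_ifs=$IFS
  IFS=.
  set -- $1
  IFS=$old_ifs
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# lookup DEST -> prints the most specific matching route line, "" if none
lookup() {
  dst=$(ip2int "$1")
  best_len=-1
  best=""
  while read -r prefix gw dev; do
    net=${prefix%/*}
    len=${prefix#*/}
    if [ "$len" -eq 0 ]; then
      mask=0
    else
      mask=$(( (4294967295 << (32 - len)) & 4294967295 ))
    fi
    # A route matches when the masked destination equals the masked prefix;
    # among matches, the longest prefix length wins.
    if [ $(( dst & mask )) -eq $(( $(ip2int "$net") & mask )) ] && [ "$len" -gt "$best_len" ]; then
      best_len=$len
      best="$prefix $gw $dev"
    fi
  done <<EOF
$(route_table)
EOF
  echo "$best"
}

# Example lookups: the mgmt VLAN stays direct, other 192.168.x.y subnets go via caroline.
lookup 192.168.100.7
lookup 192.168.5.9
lookup 192.168.0.1
lookup 8.8.8.8
```

A host on the mgmt VLAN resolves to the connected `mgmt` route, a host on any other 192.168.x.0/24 resolves to the /16 via caroline, and everything else falls through to the default route; adding the /16 therefore does not pull management traffic onto the HOME VLAN.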