documentation:firewall

Robotlab firewalls

Athans

athans.control.lth.se is in front of the subnets

  • a.control.lth.se (192.168.65.0/24)
  • b.control.lth.se (192.168.66.0/24)
  • c.control.lth.se (192.168.67.0/24)
  • d.control.lth.se (192.168.68.0/24)

To access nodes behind athans you will need to add network routes for each subnet with athans IP address as gateway (currently 130.235.83.152).

You will also need a wired connection to Automatic Control's part of LU's network (130.235.83.0/24).

Robots are configured for all 4 subnets but usually only connected to one. Test pinging them to figure out if it's A, B, C or D.

Scripts

Windows

TODO: Test!

athans_routes.bat
for /l %%i in (65, 1, 68) do (
    route -p ADD 192.168.%%i.0 MASK 255.255.255.0 130.235.83.152
)
Mac

TODO: Test!

Run script using chmod +x athans_routes_mac.sh && sudo .\athans_routes_mac.sh

athans_routes_mac.sh
#!/usr/bin/zsh
 
GATEWAY=130.235.83.152
 
for i in {65..68} ; do
    SUBNET="192.168.$i.0/24"
    route -n add -net "192.168.$i.0/24" 130.235.83.152
done
Linux

= ip route =

Not persistent!

Find name of device using ip link.

Run script using chmod +x athans_routes_linux_ip_route.sh && sudo ./athans_routes_linux_ip_route.sh enpXsY.

athans_routes_linux_ip_route.sh
#!/usr/bin/bash
 
GATEWAY=130.235.83.152
DEVICE=$1
 
for i in {65..68} ; do
    SUBNET="192.168.$i.0/24"
    ip route add $SUBNET via $GATEWAY dev $DEVICE
done

= nmcli =

Find name of device using ip link.

Run script using chmod +x athans_routes_linux_nmcli.sh && sudo ./athans_routes_linux_nmcli.sh 'Wired Connection 1'.

athans_routes_linux_nmcli.sh
#!/usr/bin/bash
 
GATEWAY=130.235.83.152
CONNECTION=$1
 
for i in {65..68} ; do
    SUBNET="192.168.$i.0/24"
    nmcli connection modify “$CONNECTION” +ipv4.routes “$SUBNET $GATEWAYdone

= netplan =

Find name of device using ip link and replace enpXsY in file below.

Put file into /etc/netplan/ and apply with sudo netplan apply.

athans_routes.yaml
network:
  version: 2
  ethernets:
    enpXsY:
      routes:
      - to: 192.168.65.0/24
        via: 130.235.83.152
      - to: 192.168.66.0/24
        via: 130.235.83.152
      - to: 192.168.67.0/24
        via: 130.235.83.152
      - to: 192.168.68.0/24
        via: 130.235.83.152
  • documentation/firewall.txt
  • Last modified: 2022/09/30 12:24
  • by tetovj