
Firewall settings for remote (VPN) subnet?


I have two servers running 18.04.6 desktop. I am unable to access them from a different subnet (IPsec site to VPN). It appears to me that the built-in firewall doesn’t allow connections from an address outside the range of its subnet. I can access Windows PCs and a QNAP NAS, so I think the default firewall settings in the Ubuntu servers are the problem. Note: both servers have multiple VLAN interfaces, and the subnet I am trying to reach is a VLAN.

Ufw rules

root@ns04:~# ufw status numbered
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] Anywhere                   ALLOW IN    192.168.3.0/24
[ 2] Anywhere                   ALLOW IN    192.168.1.0/24
[ 3] Anywhere                   ALLOW IN    172.30.13.0/24
[ 4] Samba                      ALLOW IN    Anywhere
[ 5] Bind9                      ALLOW IN    Anywhere
[ 6] 22/tcp                     ALLOW IN    Anywhere
[ 7] 67                         ALLOW IN    Anywhere
[ 8] 68                         ALLOW IN    Anywhere
[ 9] Anywhere                   ALLOW OUT   Anywhere                   (out)
[10] Samba (v6)                 ALLOW IN    Anywhere (v6)
[11] Bind9 (v6)                 ALLOW IN    Anywhere (v6)
[12] 22/tcp (v6)                ALLOW IN    Anywhere (v6)
[13] 67 (v6)                    ALLOW IN    Anywhere (v6)
[14] 68 (v6)                    ALLOW IN    Anywhere (v6)
[15] Anywhere (v6)              ALLOW OUT   Anywhere (v6)              (out)

root@ns04:~#

Ip ad

ip ad
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:01:2e:6b:2f:e7 brd ff:ff:ff:ff:ff:ff
    inet 172.30.3.254/24 brd 172.30.3.255 scope global dynamic enp2s0
       valid_lft 137844sec preferred_lft 137844sec
    inet6 wwww:xxxx:yyyy:zzzz:403a:fcea:711c:8530/64 scope global temporary dynamic
       valid_lft 86231sec preferred_lft 14231sec
    inet6 wwww:xxxx:yyyy:zzzz:e135:7f9c:b29f:5abf/64 scope global temporary deprecated dynamic
       valid_lft 86231sec preferred_lft 0sec
    inet6 wwww:xxxx:yyyy:zzzz:9c9d:ad17:ea63:bfdb/64 scope global dynamic mngtmpaddr noprefixroute
       valid_lft 86231sec preferred_lft 14231sec
    inet6 fe80::4504:f36d:fb1b:907a/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
3: enp2s0.4@enp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 00:01:2e:6b:2f:e7 brd ff:ff:ff:ff:ff:ff
    inet 172.30.4.254/24 brd 172.30.4.255 scope global enp2s0.4
       valid_lft forever preferred_lft forever
    inet6 wwww:xxxx:yyyy:zzz4:7584:e7fc:17b4:ea5e/64 scope global temporary dynamic
       valid_lft 86339sec preferred_lft 14339sec
    inet6 wwww:xxxx:yyyy:zzz4:c0f0:42d3:9869:5852/64 scope global temporary deprecated dynamic
       valid_lft 86339sec preferred_lft 0sec
    inet6 wwww:xxxx:yyyy:zzz4:201:2eff:fe6b:2fe7/64 scope global dynamic mngtmpaddr
       valid_lft 86339sec preferred_lft 14339sec
    inet6 fe80::201:2eff:fe6b:2fe7/64 scope link
       valid_lft forever preferred_lft forever
4: enp2s0.5@enp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 00:01:2e:6b:2f:e7 brd ff:ff:ff:ff:ff:ff
    inet 172.30.5.254/24 brd 172.30.5.255 scope global enp2s0.5
       valid_lft forever preferred_lft forever
    inet6 wwww:xxxx:yyyy:zzz5:b89d:2a36:bdd4:65ff/64 scope global temporary dynamic
       valid_lft 86080sec preferred_lft 14080sec
    inet6 wwww:xxxx:yyyy:zzz5:1991:2647:2778:79b/64 scope global temporary deprecated dynamic
       valid_lft 86080sec preferred_lft 0sec
    inet6 wwww:xxxx:yyyy:zzz5:201:2eff:fe6b:2fe7/64 scope global dynamic mngtmpaddr
       valid_lft 86080sec preferred_lft 14080sec
    inet6 fe80::201:2eff:fe6b:2fe7/64 scope link
       valid_lft forever preferred_lft forever
5: enp2s0.7@enp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 00:01:2e:6b:2f:e7 brd ff:ff:ff:ff:ff:ff
    inet 172.30.7.254/24 brd 172.30.7.255 scope global enp2s0.7
       valid_lft forever preferred_lft forever
    inet6 wwww:xxxx:yyyy:zzz7:502:cf3d:1526:2907/64 scope global temporary dynamic
       valid_lft 86111sec preferred_lft 14111sec
    inet6 wwww:xxxx:yyyy:zzz7:2475:a5f6:3698:3f44/64 scope global temporary deprecated dynamic
       valid_lft 86111sec preferred_lft 0sec
    inet6 wwww:xxxx:yyyy:zzz7:201:2eff:fe6b:2fe7/64 scope global dynamic mngtmpaddr
       valid_lft 86111sec preferred_lft 14111sec
    inet6 fe80::201:2eff:fe6b:2fe7/64 scope link
       valid_lft forever preferred_lft forever
6: enp2s0.8@enp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 00:01:2e:6b:2f:e7 brd ff:ff:ff:ff:ff:ff
    inet 172.30.8.254/24 brd 172.30.8.255 scope global enp2s0.8
       valid_lft forever preferred_lft forever
    inet6 fdea:0:0:8::254/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::201:2eff:fe6b:2fe7/64 scope link
       valid_lft forever preferred_lft forever
7: enp2s0.9@enp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 00:01:2e:6b:2f:e7 brd ff:ff:ff:ff:ff:ff
    inet 172.30.9.254/24 brd 172.30.9.255 scope global enp2s0.9
       valid_lft forever preferred_lft forever
    inet6 wwww:xxxx:yyyy:zzz9:896e:cbd5:e835:a490/64 scope global temporary dynamic
       valid_lft 86099sec preferred_lft 14099sec
    inet6 wwww:xxxx:yyyy:zzz9:edae:d6e7:6503:e08a/64 scope global temporary deprecated dynamic
       valid_lft 86099sec preferred_lft 0sec
    inet6 wwww:xxxx:yyyy:zzz9:201:2eff:fe6b:2fe7/64 scope global dynamic mngtmpaddr
       valid_lft 86099sec preferred_lft 14099sec
    inet6 fe80::201:2eff:fe6b:2fe7/64 scope link
       valid_lft forever preferred_lft forever
8: enp2s0.10@enp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 00:01:2e:6b:2f:e7 brd ff:ff:ff:ff:ff:ff
    inet 172.30.10.254/24 brd 172.30.10.255 scope global enp2s0.10
       valid_lft forever preferred_lft forever
    inet6 fe80::201:2eff:fe6b:2fe7/64 scope link
       valid_lft forever preferred_lft forever
9: enp2s0.11@enp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 00:01:2e:6b:2f:e7 brd ff:ff:ff:ff:ff:ff
    inet 172.30.11.254/24 brd 172.30.11.255 scope global enp2s0.11
       valid_lft forever preferred_lft forever
    inet6 fe80::201:2eff:fe6b:2fe7/64 scope link
       valid_lft forever preferred_lft forever
10: enp2s0.12@enp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 00:01:2e:6b:2f:e7 brd ff:ff:ff:ff:ff:ff
    inet 172.30.12.254/24 brd 172.30.12.255 scope global enp2s0.12
       valid_lft forever preferred_lft forever
    inet6 fe80::201:2eff:fe6b:2fe7/64 scope link
       valid_lft forever preferred_lft forever
root@ns04:/etc/ufw#

Ip route

root@ns04:/etc/ufw#
root@ns04:/etc/ufw# ip route
default via 172.30.3.1 dev enp2s0
default via 172.30.3.1 dev enp2s0 proto dhcp metric 20100
169.254.0.0/16 dev enp2s0.4 scope link metric 1000
172.30.3.0/24 dev enp2s0 proto kernel scope link src 172.30.3.254
172.30.3.0/24 dev enp2s0 proto kernel scope link src 172.30.3.254 metric 100
172.30.4.0/24 dev enp2s0.4 proto kernel scope link src 172.30.4.254
172.30.5.0/24 dev enp2s0.5 proto kernel scope link src 172.30.5.254
172.30.7.0/24 dev enp2s0.7 proto kernel scope link src 172.30.7.254
172.30.8.0/24 dev enp2s0.8 proto kernel scope link src 172.30.8.254
172.30.9.0/24 dev enp2s0.9 proto kernel scope link src 172.30.9.254
172.30.10.0/24 dev enp2s0.10 proto kernel scope link src 172.30.10.254
172.30.11.0/24 dev enp2s0.11 proto kernel scope link src 172.30.11.254
172.30.12.0/24 dev enp2s0.12 proto kernel scope link src 172.30.12.254
root@ns04:/etc/ufw#

Notes: 192.168.1.0/24 is the remote site

172.30.5.0/24 is the local vlan subnet remote connects to.

The other two /24s are for local testing

It appears I need changes in the ufw before.rules file, to ufw-not-local and/or ufw-before-input.

# all other non-local packets are dropped
-A ufw-not-local -m limit --limit 3/min --limit-burst 10 -j ufw-logging-deny
-A ufw-not-local -j DROP

I need to make samba work from 192.168.1.0/24.

SSH and ping would also be helpful

scan of the subnet

Generated by Angry IP Scanner 3.7.6
https://angryip.org

Scanned 172.30.5.0 - 172.30.5.255
Jan 10, 2022 2:39:16 PM

IP              Ping            Hostname                Ports           NetBIOS Info                        MAC Address                      MAC Vendor                    
172.30.5.1      4 ms            router.home.test        80,443          [n/a]                               [n/a]                            [n/a]                         
172.30.5.8      4 ms            3n008.home.test         80,443,8080     [n/a]                               [n/a]                            [n/a]                         
172.30.5.27     6 ms            tp-share                80,443          WORKGROUP\TP-SHARE@TP-SHARE [00-00-00-00-00-00][n/a]                            [n/a]                         
172.30.5.28     3 ms            3n028.home.test         80              [n/a]                               [n/a]                            [n/a]                         
172.30.5.128    3 ms            3n128.home.test         80              [n/a]                               [n/a]                            [n/a]                         
172.30.5.135    3 ms            3n135.home.test         80              [n/a]                               [n/a]                            [n/a]                         
172.30.5.139    7 ms            3n139.home.test         [n/a]           [n/a]                               [n/a]                            [n/a]                         
172.30.5.165    6 ms            3n165.home.test         80,443          [n/a]                               [n/a]                            [n/a]                         
172.30.5.166    4 ms            3n166.home.test         80,443          [n/a]                               [n/a]                            [n/a]                         
172.30.5.170    6 ms            3n170.home.test         [n/a]           [n/a]                               [n/a]                            [n/a]                         
172.30.5.177    3 ms            3n177.home.test         80              [n/a]                               [n/a]                            [n/a]                         
172.30.5.196    3 ms            sq05.home.test          80,443,8080     WORKGROUP\SQ05@SQ05 [00-00-00-00-00-00][n/a]                            [n/a]                         
172.30.5.197    3 ms            sq04.home.test          80,443,8080     WORKGROUP\SQ04@SQ04 [00-00-00-00-00-00][n/a]                            [n/a]                         
172.30.5.202    6 ms            pc02.home.test          [n/a]           [n/a]                               [n/a]                            [n/a]                         

172.30.5.1 is the router (EdgeRouter X)

172.30.5.8 is a HP printer

172.30.5.27 is a TP-link router as an access point

172.30.5.28 is an OpenWrt router as an access point

172.30.5.202 is a Windows 8 PC

172.30.5.253 and .254 are the Ubuntu servers (missing)

no response to ping

C:\Windows\system32>tracert 172.30.5.254

Tracing route to 2ns4.home.test [172.30.5.254]
over a maximum of 30 hops:

  1     4 ms     4 ms     4 ms  172.30.13.1
  2     *        *        *     Request timed out.
  3     *        *        *     Request timed out.
  4     *        *        *     Request timed out.
  5     *     ^C
C:\Windows\system32>tracert 172.30.5.27

Tracing route to tp-share [172.30.5.27]
over a maximum of 30 hops:

  1     4 ms     4 ms     4 ms  172.30.13.1
  2     7 ms     7 ms     8 ms  tp-share [172.30.5.27]

Trace complete.

C:\Windows\system32>

tracing from 172.30.13.41

C:\Windows\system32>tracert 172.30.5.254

Tracing route to 2ns4.home.test [172.30.5.254]
over a maximum of 30 hops:

  1     3 ms     3 ms     3 ms  172.30.13.1
  2     *        *        *     Request timed out.
  3     *        *        *     Request timed out.
  4  ^C
C:\Windows\system32>tracert 172.30.5.253

Tracing route to 2ns3.home.test [172.30.5.253]
over a maximum of 30 hops:

  1     4 ms     4 ms     4 ms  172.30.13.1
  2     *        *        *     Request timed out.
  3     *        *        *     Request timed out.
  4     *        *        *     Request timed out.
  5     *     ^C
C:\Windows\system32>
C:\Windows\system32>tracert 172.30.5.27

Tracing route to tp-share [172.30.5.27]
over a maximum of 30 hops:

  1     4 ms     4 ms     4 ms  172.30.13.1
  2     8 ms     7 ms     7 ms  tp-share [172.30.5.27]

Trace complete.

C:\Windows\system32>

the problem is when the client is on a different subnet than the server

clients on the same subnet work

Thomas Aichinger avatar
Please post output of your config. 'ip a', 'ip route' and 'ufw status'.
James Anderson avatar
added rule, ip ad and ip route
James Anderson avatar
note: Samba on TP-link and Asus routers and Qnap NAS don't have this "local" restriction
Thomas Aichinger avatar
If you turn off firewall, does it work then?
James Anderson avatar
I just tried disabling the ufw firewall and it fails. It failed before I first enabled ufw. It failed before I added my UFW rules. It fails on the other server that has never had ufw enabled. It appears to me that there is a default restriction to only respond to addresses within the subnet of an interface (“LOCAL”).
Thomas Aichinger avatar
Ok, then can you give me an example from what ip to what other ip you cant connect. Try to ping the other node. Further try to traceroute to the other node and post the output please.
James Anderson avatar
added tracert etc.
James Anderson avatar
I can access the share on tp-share via Net use \\tp-share\g
Thomas Aichinger avatar
I am a bit confused. What is the client IP and what is the IP of the server you want to connect to?
James Anderson avatar
For local testing the Windows client PC is 172.30.13.51 (on VLAN13). The remote Windows client is 192.168.1.101. The Ubuntu server with UFW enabled is 172.30.5.254. The other server (no UFW) is 172.30.5.253. The TP-link router that works is 172.30.5.27.
James Anderson avatar
all subnets are /24
Thomas Aichinger avatar
Now we are talking about 172.30.13.51 (client) and 172.30.5.253 (server), Forget the rest. What routes does this client have? And what output of tracert does this client produce?
James Anderson avatar
added traces from 172.30.13.41 - problem occurs only if client is on different subnet than server
Thomas Aichinger avatar
client 172.30.13.41 does not have a route to 172.30.5.253. Post output of 'ip a' and 'ip route' from 172.30.13.41. There should either be an ip from 172.30.5. or a gateway that is capable to route the packet to 172.30.5.
James Anderson avatar
it appears the problem is that I set the default route on the wrong interface, not the firewall
Thomas Aichinger avatar
Did that solve your problem?

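Thanks to Thomas for suggesting routing. My problem was my routing settings in the Ubuntu servers. When a request comes from a non-local subnet, the route for that subnet must point to the same interface (real or virtual) that the request arrived on. This is consistent with strict reverse-path filtering in the kernel (`rp_filter=1`), which drops a packet when the route back to its source leaves through a different interface; that would also explain why disabling ufw made no difference, and `sysctl net.ipv4.conf.all.rp_filter` shows the mode in use. In my case I changed the default route to point to the subnet (VLAN5) used by the VPN tunnel (on both servers). With this change samba and ping work for the server using ufw and the server not using ufw.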

The changed default route. ip route add default via 172.30.5.1

If you can't change the default route a static route should also work.

Here is my corrected script for setting up VLANs.

root@ns04:~# cd /usr/local/bin
root@ns04:/usr/local/bin# cat st-vlans
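#!/bin/sh
# st-vlans - create the VLAN sub-interfaces on the first wired NIC and give
# this host the address 172.30.<vlan>.<dot_ip>/24 on each of them.
#
# Usage: st-vlans [dot_ip]
#   dot_ip  last octet used for every address (1-254). When omitted it is
#           looked up from /etc/hostname (ns01..ns04 -> 251..254).
# Exit status: 0 finished, 1 no en*/eth* interface found, 2 no usable dot_ip.
#
# Every step calls ip(8) or ethtool(8), so this has to run as root. A failing
# ip/ethtool call is reported by the tool itself and does not stop the script.
sleep 1
dot_ip=$1

# Pick the first en* interface, else the first eth* one. Globbing
# /sys/class/net avoids parsing ls output and, unlike a substring grep,
# cannot select an unrelated device whose name merely contains "en" or "eth"
# (for example a veth pair). No temporary file is used either: a fixed name
# under /tmp is not safe in a script that runs as root.
dev0_name=
for prefix in en eth
do
        for dev_path in /sys/class/net/"$prefix"*
        do
                [ -e "$dev_path" ] || continue  # glob matched nothing
                dev0_name=${dev_path##*/}
                break 2
        done
done
if [ -z "$dev0_name" ]
then
        echo "st-vlans: no en*/eth* interface under /sys/class/net" >&2
        exit 1
fi

# Enable wake-on-LAN (requires ethtool to be installed). "wol g" wakes on a
# magic packet, which carries no authentication: any host able to deliver one
# to this NIC can power the machine on.
ethtool -s "$dev0_name" wol g

# Derive dot_ip (last octet) from the hostname when it was not passed in.
host_name=
read -r host_name < /etc/hostname
if [ -z "$dot_ip" ]
then
        case $host_name in
                ns01) dot_ip=251 ;;
                ns02) dot_ip=252 ;;
                ns03) dot_ip=253 ;;
                ns04) dot_ip=254 ;;
                # no fallback for other hostnames: the check below exits 2
        esac
fi

# dot_ip is pasted into addresses handed to ip(8) as root, so accept nothing
# but a 1-3 digit host octet in the range 1-254.
case $dot_ip in
        '' | *[!0-9]* | ????*)
                echo "st-vlans: need a last octet between 1 and 254" >&2
                exit 2
                ;;
esac
if [ "$dot_ip" -lt 1 ] || [ "$dot_ip" -gt 254 ]
then
        echo "st-vlans: need a last octet between 1 and 254" >&2
        exit 2
fi

# VLAN 5 is carried on the tagged trunk everywhere except ns01, which gets its
# 172.30.5.x address on eth1 instead (see the end of the script).
vlan_ids="4 7 8 9 10 11 12"
if [ "$host_name" != "ns01" ]
then
        vlan_ids="4 5 7 8 9 10 11 12"
fi

# Add the VLAN links. Each ID is created exactly once; a repeated
# "ip link add" for an existing name only fails with "File exists".
for vid in $vlan_ids  # constant list, word-splitting is intended
do
        ip link add link "$dev0_name" name "$dev0_name.$vid" type vlan id "$vid"
done

# NOTE(review): presumably this pause lets the new links settle - confirm.
sleep 5

# Set addresses: untagged network first, then one /24 per VLAN.
ip addr add "172.30.3.$dot_ip/24" broadcast 172.30.3.255 dev "$dev0_name"
for vid in $vlan_ids
do
        vlan_dev="$dev0_name.$vid"
        ip addr add "172.30.$vid.$dot_ip/24" brd "172.30.$vid.255" dev "$vlan_dev"
        if [ "$vid" = 8 ]
        then
                # VLAN 8 also carries a ULA IPv6 address.
                ip addr add "fdea:0:0:8::$dot_ip/64" dev "$vlan_dev"
        fi
        ip link set dev "$vlan_dev" up
        if [ "$vid" = 5 ]
        then
                # Replies to clients arriving over VLAN 5 must leave through
                # VLAN 5 as well, so the default route points at its gateway.
                # "replace" keeps a re-run from failing on an existing route.
                # This moves ALL non-local traffic to VLAN 5; if only one
                # remote subnet needs this return path, a static route for
                # that subnet is the narrower change.
                ip route replace default via 172.30.5.1 dev "$vlan_dev"
        fi
done

# ns01 reaches 172.30.5.0/24 through its second NIC.
if [ "$host_name" = "ns01" ]
then
        ip addr add "172.30.5.$dot_ip/24" broadcast 172.30.5.255 dev eth1
fi
exit 0
# ip addr add 2001:470:xxxx:1::$dot_ip/64 dev $dev0_name
# ip route add default via 2001:470:bccf:1::1
#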
root@ns04:/usr/local/bin#


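Thanks to Thomas for suggesting routing.
My problem was my routing settings in the Ubuntu servers.
When a request comes from a non-local subnet, the route for that subnet must point to the same interface (real or virtual) that the request arrived on.
This is consistent with strict reverse-path filtering in the kernel (`rp_filter=1`), which drops a packet when the route back to its source leaves through a different interface; that would also explain why disabling ufw made no difference, and `sysctl net.ipv4.conf.all.rp_filter` shows the mode in use.
In my case I changed the default route to point to the subnet (VLAN5) used by the VPN tunnel (on both servers).
With this change samba and ping work for the server using ufw and the server not using ufw.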

The changed default route.
ip route add default via 172.30.5.1

If you can't change the default route a static route should also work.

Here is my corrected script for setting up VLANs.


root@ns04:~# cd /usr/local/bin
root@ns04:/usr/local/bin# cat st-vlans
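#!/bin/sh
# st-vlans - create the VLAN sub-interfaces on the first wired NIC and give
# this host the address 172.30.<vlan>.<dot_ip>/24 on each of them.
#
# Usage: st-vlans [dot_ip]
#   dot_ip  last octet used for every address (1-254). When omitted it is
#           looked up from /etc/hostname (ns01..ns04 -> 251..254).
# Exit status: 0 finished, 1 no en*/eth* interface found, 2 no usable dot_ip.
#
# Every step calls ip(8) or ethtool(8), so this has to run as root. A failing
# ip/ethtool call is reported by the tool itself and does not stop the script.
sleep 1
dot_ip=$1

# Pick the first en* interface, else the first eth* one. Globbing
# /sys/class/net avoids parsing ls output and, unlike a substring grep,
# cannot select an unrelated device whose name merely contains "en" or "eth"
# (for example a veth pair). No temporary file is used either: a fixed name
# under /tmp is not safe in a script that runs as root.
dev0_name=
for prefix in en eth
do
        for dev_path in /sys/class/net/"$prefix"*
        do
                [ -e "$dev_path" ] || continue  # glob matched nothing
                dev0_name=${dev_path##*/}
                break 2
        done
done
if [ -z "$dev0_name" ]
then
        echo "st-vlans: no en*/eth* interface under /sys/class/net" >&2
        exit 1
fi

# Enable wake-on-LAN (requires ethtool to be installed). "wol g" wakes on a
# magic packet, which carries no authentication: any host able to deliver one
# to this NIC can power the machine on.
ethtool -s "$dev0_name" wol g

# Derive dot_ip (last octet) from the hostname when it was not passed in.
host_name=
read -r host_name < /etc/hostname
if [ -z "$dot_ip" ]
then
        case $host_name in
                ns01) dot_ip=251 ;;
                ns02) dot_ip=252 ;;
                ns03) dot_ip=253 ;;
                ns04) dot_ip=254 ;;
                # no fallback for other hostnames: the check below exits 2
        esac
fi

# dot_ip is pasted into addresses handed to ip(8) as root, so accept nothing
# but a 1-3 digit host octet in the range 1-254.
case $dot_ip in
        '' | *[!0-9]* | ????*)
                echo "st-vlans: need a last octet between 1 and 254" >&2
                exit 2
                ;;
esac
if [ "$dot_ip" -lt 1 ] || [ "$dot_ip" -gt 254 ]
then
        echo "st-vlans: need a last octet between 1 and 254" >&2
        exit 2
fi

# VLAN 5 is carried on the tagged trunk everywhere except ns01, which gets its
# 172.30.5.x address on eth1 instead (see the end of the script).
vlan_ids="4 7 8 9 10 11 12"
if [ "$host_name" != "ns01" ]
then
        vlan_ids="4 5 7 8 9 10 11 12"
fi

# Add the VLAN links. Each ID is created exactly once; a repeated
# "ip link add" for an existing name only fails with "File exists".
for vid in $vlan_ids  # constant list, word-splitting is intended
do
        ip link add link "$dev0_name" name "$dev0_name.$vid" type vlan id "$vid"
done

# NOTE(review): presumably this pause lets the new links settle - confirm.
sleep 5

# Set addresses: untagged network first, then one /24 per VLAN.
ip addr add "172.30.3.$dot_ip/24" broadcast 172.30.3.255 dev "$dev0_name"
for vid in $vlan_ids
do
        vlan_dev="$dev0_name.$vid"
        ip addr add "172.30.$vid.$dot_ip/24" brd "172.30.$vid.255" dev "$vlan_dev"
        if [ "$vid" = 8 ]
        then
                # VLAN 8 also carries a ULA IPv6 address.
                ip addr add "fdea:0:0:8::$dot_ip/64" dev "$vlan_dev"
        fi
        ip link set dev "$vlan_dev" up
        if [ "$vid" = 5 ]
        then
                # Replies to clients arriving over VLAN 5 must leave through
                # VLAN 5 as well, so the default route points at its gateway.
                # "replace" keeps a re-run from failing on an existing route.
                # This moves ALL non-local traffic to VLAN 5; if only one
                # remote subnet needs this return path, a static route for
                # that subnet is the narrower change.
                ip route replace default via 172.30.5.1 dev "$vlan_dev"
        fi
done

# ns01 reaches 172.30.5.0/24 through its second NIC.
if [ "$host_name" = "ns01" ]
then
        ip addr add "172.30.5.$dot_ip/24" broadcast 172.30.5.255 dev eth1
fi
exit 0
# ip addr add 2001:470:xxxx:1::$dot_ip/64 dev $dev0_name
# ip route add default via 2001:470:bccf:1::1
#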
root@ns04:/usr/local/bin#