#!/bin/sh +x
-IP=/sbin/ip
-
SLICE=$1
SLICEID=`id -u $SLICE`
NODEID=$2
KEY=$3
-modprobe etun
-
#
# OpenVPN uses addresses in 10.<nodeid>/16 block. Avoid collisions with
# this block. NAT interface is not advertised and so does not require
ip link add name $ETUN0 type veth peer name $ETUN1
ifconfig $ETUN1 $EXTNET up
-/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
-/sbin/iptables -A FORWARD -i eth0 -o $ETUN1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-/sbin/iptables -A FORWARD -i $ETUN1 -o eth0 -j ACCEPT
-
### Put a process in the vserver so we can move the interface there
su $SLICE -c "sleep 30 &"
PID=`su $SLICE -c "pgrep -n sleep"`
-$IP link set $ETUN0 netns $PID
+ip link set $ETUN0 netns $PID
naddress --add --nid $SLICEID --ip $INTNET
sleep 1
su $SLICE -c "sudo /sbin/ifconfig $ETUN0 $INTNET up; \
- sudo /sbin/route add -net $BASENET $ETUN0; \
sudo /sbin/route add default gw $EXTIP; \
sudo /sbin/ifconfig lo 127.0.0.1/8 up"
+ip rule add dev eth0 fwmark $KEY table $KEY
+ip route add table $KEY default via $INTIP
+iptables -t mangle -A PREROUTING -i $ETUN1 -j CONNMARK --set-mark $KEY
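Review bot: `$KEY` is taken straight from `$3` and then used unquoted as the fwmark, the routing-table id and the connmark in the three added `ip`/`iptables` lines, so an empty or non-numeric argument produces malformed or unintended rules in what appears to be a root-run script. A guard next to the assignment, such as `case "$KEY" in ''|*[!0-9]*) echo "invalid key: $KEY" >&2; exit 1;; esac`, plus quoting (`--set-mark "$KEY"`) would close that. The same applies to `$PID` in the added `ip link set $ETUN0 netns $PID`, which is empty if `pgrep -n sleep` finds nothing. Separately, `ip rule ... fwmark` matches the packet mark while the added mangle rule only sets the connection mark, so unless a `CONNMARK --restore-mark` rule exists outside this hunk the eth0 rule may never match; this is worth confirming. The added lines also call `ip` and `iptables` by bare name where the removed lines used `/sbin/...`, which makes command resolution depend on the caller's PATH.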