Commit 4fa778f8 authored by Nolan's avatar Nolan

Sim environment

parent 22599e90
.vagrant
# -*- mode: ruby -*-
# vi: set ft=ruby :
vagrant_dir = File.join(File.dirname(File.expand_path(__FILE__)), ".vagrant")
Vagrant.configure("2") do |config|
config.vm.box = "debian/contrib-buster64"
config.vm.provider "virtualbox" do |vb|
vb.memory = "512"
vb.cpus = 1
vb.linked_clone = true
end
################# SIMULATED INTERNET #################
config.vm.define "inet" do |inet|
inet.vm.hostname = "inet"
inet.vm.network "private_network", ip: "30.0.0.1",
virtualbox__intnet: "router_inet"
inet.vm.network "private_network", ip: "30.0.1.1",
virtualbox__intnet: "boundery_inet"
inet.vm.provision "shell", inline: <<-SHELL
sudo apt-get update
sudo apt-get install -y --no-install-recommends unbound python3-dnslib dnsutils
sudo cp /vagrant/inet/test-recursor.conf /etc/unbound/unbound.conf.d/
sudo cp /vagrant/inet/fakeroot.hints /etc/unbound/
sudo /etc/init.d/unbound restart
sudo cp /vagrant/inet/fakerootdns.py /usr/local/sbin/
#https://github.com/hal/testsuite.next/blob/master/how-run-pebble.md
sudo wget https://github.com/letsencrypt/pebble/releases/download/v2.3.0/pebble_linux-amd64 -O /usr/local/sbin/pebble
sudo chmod a+x /usr/local/sbin/pebble
sudo cp /vagrant/inet/rc.local /etc/
sudo chmod a+x /etc/rc.local
sudo /etc/rc.local
SHELL
end
################# BOUNDERY SERVER #################
config.vm.define "boundery" do |boundery|
boundery.vm.hostname = "boundery"
boundery.vm.network "private_network", ip: "30.0.1.9",
virtualbox__intnet: "boundery_inet"
boundery.vm.provision "shell", inline: <<-SHELL
sudo cp /vagrant/boundery/rc.local /etc/
sudo chmod a+x /etc/rc.local
sudo /etc/rc.local
#XXX Get /etc/resolv.conf pointed at unbound on inet.
#XXX Install docker and any other deps. Basically run setup_server
SHELL
#XXX Provisioner to install containers, os images, client installers, etc.
end
################# HOME ROUTER #################
config.vm.define "router" do |router|
router.vm.hostname = "router"
router.vm.network "private_network", ip: "192.168.1.1",
virtualbox__intnet: "client_router"
router.vm.network "private_network", ip: "30.0.0.150",
virtualbox__intnet: "router_inet"
router.vm.provision "shell", inline: <<-SHELL
sudo apt-get update
sudo DEBIAN_FRONTEND=noninteractive apt-get install -y dnsmasq iptables-persistent
sudo cp /vagrant/router/rules.v4 /etc/iptables/
sudo /etc/init.d/netfilter-persistent restart
sudo cp /vagrant/router/dhcp.conf /vagrant/router/dns.conf /etc/dnsmasq.d/
sudo /etc/init.d/dnsmasq restart
sudo cp /vagrant/router/rc.local /etc/
sudo chmod a+x /etc/rc.local
sudo /etc/rc.local
SHELL
end
################# CLIENT #################
config.vm.define "client" do |client|
client.vm.hostname = "client"
client.vm.network "private_network",
virtualbox__intnet: "client_router", type: "dhcp"
#XXX Figure out how to attach USB stick to write OS image to. See: client/Vagrantfile
# .vmdk can wrap a raw image, so no need to copy to .vdi:
# VBoxManage internalcommands createrawvmdk -filename test.vmdk -rawdisk raw.img
client.vm.provision "shell", inline: <<-SHELL
#XXX Install selenium/chromedriver/any other deps.
SHELL
#XXX Provisioner to copy in tests, install client and run tests
end
################# HOME SERVER #################
config.vm.define "server", autostart: false do |server|
config.vm.box = "sridhav/empty"
config.vm.provider "virtualbox" do |vb|
#vb.gui = true
vb.linked_clone = false
vb.memory = "1024"
vb.customize ["modifyvm", :id, "--firmware", "efi"]
#vb.customize ['storageattach', :id, '--storagectl', 'SATA', '--port', 1, '--device', 0,
# '--type', 'hdd', '--medium', 'boot.vmdk']
serial_log = File.join(vagrant_dir, "server_cons.log")
vb.customize ["modifyvm", :id, "--uart1", "0x3F8", "4", "--uartmode1", "file", serial_log]
end
server.vm.hostname = "server"
#server.vm.network "private_network", :mac => "443839FFF001", :adapter => 1,
# virtualbox__intnet: "client_router", auto_config: false
server.vm.network "private_network", :mac => "443839FFF001",
virtualbox__intnet: "client_router", type: "dhcp"
#XXX Need to disable/redirect 'vagrant ssh' for "Waiting for machine to boot"
#server.ssh.port=60000
#server.ssh.host = "192.168.1.9"
server.vm.synced_folder ".", "/vagrant", disabled: true
#XXX Attach (and boot off of) USB stick that client wrote the image to.
#XXX Attach USB stick for RW storage.
end
end
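Review bot: Inside the `config.vm.define "server"` block the box and provider are set on `config` instead of on `server`, which is inconsistent with the other four defines and, as far as I recall how Vagrant merges define blocks, would change the default box for every machine in this file rather than only the disk-less server; the two lines should read `server.vm.box = "sridhav/empty"` and `server.vm.provider "virtualbox" do |vb|`. The inet provisioner also fetches the pebble binary over the network and marks it executable without any integrity check, so a changed or tampered release would be installed silently; pinning a digest with a line such as `echo "<expected-sha256 placeholder>  /usr/local/sbin/pebble" | sha256sum -c -` before the `chmod a+x` closes that gap. Minor style points: the shell provisioner already runs as root, so the `sudo` prefixes are redundant, and `<<~SHELL` would allow the heredoc bodies to be indented with the surrounding Ruby.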
#!/bin/bash
ip route add 30.0.0.0/16 via 30.0.1.1
. 3600000 NS A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET. 3600000 A 30.0.255.1
import sys, time
from dnslib import RR, RCODE, QTYPE
from dnslib.server import DNSServer,DNSHandler,BaseResolver,DNSLogger
class OURIP:
pass
#XXX I think all this could be replaced with dnslib's zoneresolver.py,
# by giving it fakeroot.hints with our extra records appended.
zone = {
('NS', '.'): 'a.root-servers.net.',
('A', 'net.'): OURIP(),
('A', 'root-servers.net.'): OURIP(),
('A', 'a.root-servers.net.'): OURIP(),
('A', 'acme-v02.api.letsencrypt.org'): OURIP(),
('A', 'acme-staging-v02.api.letsencrypt.org'): OURIP(),
('NS', 'boundery.me.'): [ 'ns1.boundery.me.', 'ns1.boundery.me.' ]
('A', 'ns1.boundery.me.'): '30.0.1.9',
('A', 'ns2.boundery.me.'): '30.0.1.9',
}
class DumbResolver(BaseResolver):
def resolve(self, request, handler):
reply = request.reply()
qname = str(request.q.qname).lower()
qtype = QTYPE[request.q.qtype]
print('REQUEST "%s" "%s"' % (qtype, qname))
recs = zone.get((qtype, qname))
if recs:
if type(recs) != list:
recs = [ recs, ]
for rec in recs:
data = sys.argv[1] if type(rec) == OURIP else rec
for rr in RR.fromZone('%s 60 IN %s %s' % (qname, qtype, data)):
print('REPLY WITH: %s' % rr)
reply.add_answer(rr)
else:
reply.header.rcode = RCODE.NXDOMAIN
return reply
if __name__ == '__main__':
if len(sys.argv) != 2:
raise Exception("Requires one argument: address to listen on")
print("DumbResolver started.")
resolver = DumbResolver()
udp_server = DNSServer(resolver, address=sys.argv[1])
tcp_server = DNSServer(resolver, address=sys.argv[1], tcp=True)
udp_server.start_thread()
tcp_server.start_thread()
while udp_server.isAlive() and tcp_server.isAlive():
time.sleep(1)
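Review bot: The `zone` dict literal is missing a comma after the `('NS', 'boundery.me.')` entry, so `fakerootdns.py` fails with a SyntaxError before the resolver ever starts; the line should be `('NS', 'boundery.me.'): ['ns1.boundery.me.', 'ns2.boundery.me.'],`, which also fixes the duplicated `ns1` that presumably was meant to be `ns2` given the `ns2.boundery.me.` A record below it. The two Let's Encrypt keys lack a trailing dot while, if I remember dnslib correctly, `str(request.q.qname)` renders a fully-qualified name ending in `.`, so those lookups would always fall through to NXDOMAIN; writing them as `'acme-v02.api.letsencrypt.org.'` and `'acme-staging-v02.api.letsencrypt.org.'` makes them consistent with the other keys. A one-line module comment such as `# Test-only resolver: serves a static table with no validation; intended solely for the isolated sim network.` would document the scope for the next reader.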
#!/bin/bash
echo 1 > /proc/sys/net/ipv4/ip_forward
if ! ip addr show dev lo | grep -q 30[.]0[.]255[.]1; then
ip addr add 30.0.255.1/24 dev lo
fi
if [ -f /run/fakerootdns.pid ]; then
kill -9 `cat /run/fakerootdns.pid`
rm /run/fakerootdns.pid
fi
python3 /usr/local/sbin/fakerootdns.py 30.0.255.1 >/var/log/fakedns.log 2>&1 &
echo $! > /run/fakerootdns.pid
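Review bot: The restart logic sends `kill -9` to whatever PID is stored in `/run/fakerootdns.pid` without checking that the process still exists or is the resolver; after a reboot where `/run` is a tmpfs this is harmless, but if the file survives and the PID has been reused an unrelated process is killed. `kill "$(cat /run/fakerootdns.pid)" 2>/dev/null || true` with a plain SIGTERM is the safer form, or check `/proc/$pid/cmdline` before signalling. The `grep -q 30[.]0[.]255[.]1` test is also unanchored and would match e.g. `30.0.255.10`, though with the addresses used in this sim that cannot occur.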
server:
verbosity: 10
root-hints: fakeroot.hints
interface: 30.0.0.1
interface: 30.0.1.1
access-control: 30.0.0.0/24 allow
access-control: 30.0.1.0/24 allow
module-config: "iterator" #Disable dnssec.
interface=eth1
bind-interfaces
dhcp-option=eth1,option:classless-static-route,30.0.0.0/16,192.168.1.1
dhcp-range=eth1,192.168.1.150,192.168.1.200,1h
dhcp-host=eth1,44:38:39:ff:f0:01,192.168.1.9,server
no-resolv
server=30.0.0.1
#!/bin/bash
ip route add 30.0.0.0/16 via 30.0.0.1
sysctl net.ipv4.ip_forward=1
sysctl net.ipv6.conf.all.forwarding=1
*filter
:INPUT ACCEPT [1:40]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1169:237690]
COMMIT
*nat
:PREROUTING ACCEPT [3:205]
:INPUT ACCEPT [59:670]
:OUTPUT ACCEPT [16:172]
:POSTROUTING ACCEPT [20:257]
-A POSTROUTING -o eth2 -j MASQUERADE
-A PREROUTING -p tcp -d 30.0.0.150 --dport 25 -j DNAT --to 192.168.1.9:25
-A POSTROUTING -p tcp -s 192.168.1.0/24 -d 192.168.1.9 --dport 25 -j SNAT --to-source 30.0.0.150:25
-A PREROUTING -p tcp -d 30.0.0.150 --dport 80 -j DNAT --to 192.168.1.9:80
-A POSTROUTING -p tcp -s 192.168.1.0/24 -d 192.168.1.9 --dport 80 -j SNAT --to-source 30.0.0.150:80
-A PREROUTING -p tcp -d 30.0.0.150 --dport 443 -j DNAT --to 192.168.1.9:443
-A POSTROUTING -p tcp -s 192.168.1.0/24 -d 192.168.1.9 --dport 443 -j SNAT --to-source 30.0.0.150:443
-A PREROUTING -p tcp -d 30.0.0.150 --dport 53 -j DNAT --to 192.168.1.9:53
-A POSTROUTING -p tcp -s 192.168.1.0/24 -d 192.168.1.9 --dport 53 -j SNAT --to-source 30.0.0.150:53
-A PREROUTING -p udp -d 30.0.0.150 --dport 53 -j DNAT --to 192.168.1.9:53
-A POSTROUTING -p udp -s 192.168.1.0/24 -d 192.168.1.9 --dport 53 -j SNAT --to-source 30.0.0.150:53
COMMIT
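Review bot: The hairpin SNAT rules in the `nat` table specify a port in `--to-source` (`30.0.0.150:25`, `:80`, `:443`, `:53`), which as far as I recall pins every translated connection from a LAN host to that single source port, so a second concurrent connection from the same client to the same service cannot obtain a unique tuple and is dropped; using `--to-source 30.0.0.150` without a port lets netfilter choose source ports normally. The filter table has no rules at all with every chain at ACCEPT, meaning the router forwards and accepts anything arriving from the inet side; presumably intended for the sim, but a header comment such as `# Sim router: no filtering on purpose, only DNAT/hairpin NAT for the home server` would make that explicit.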