···
vlanIfs = range 1 (length config.virtualisation.vlans);
14
+
environment.systemPackages = [ pkgs.iptables ]; # to debug firewall rules
virtualisation.vlans = [ 1 2 3 ];
boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = true;
···
nodes.client = { pkgs, ... }: with pkgs.lib; {
324
+
environment.systemPackages = [ pkgs.iptables ]; # to debug firewall rules
virtualisation.vlans = [ 1 ];
328
+
firewall.logReversePathDrops = true; # to debug firewall rules
329
+
# reverse path filtering rules for the macvlan interface seem
330
+
# to be incorrect, causing the test to fail. Disable temporarily.
331
+
firewall.checkReversePath = false;
firewall.allowPing = true;
macvlans.macvlan.interface = "eth1";
···
$client->waitUntilSucceeds("ip addr show dev eth1 | grep -q '192.168.1'");
$client->waitUntilSucceeds("ip addr show dev macvlan | grep -q '192.168.1'");
344
-
# Print diagnosting information
350
+
# Print lots of diagnostic information
351
+
$router->log('**********************************************');
$router->succeed("ip addr >&2");
353
+
$router->succeed("ip route >&2");
354
+
$router->execute("iptables-save >&2");
355
+
$client->log('==============================================');
$client->succeed("ip addr >&2");
357
+
$client->succeed("ip route >&2");
358
+
$client->execute("iptables-save >&2");
359
+
$client->log('##############################################');
# Test macvlan creates routable ips
$client->waitUntilSucceeds("ping -c 1 192.168.1.1");
pyrox.dev