arc/network/init/bridge.conf - mirrors/cros/chromiumos/platform2 - Git at Google

 # Copyright 2015 The Chromium OS Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.

 # Installed by chromeos-cheets-scripts ebuild.

 description     "Sets up bridge interface for android containers"
 author          "chromium-os-dev@chromium.org"

 start on started nat
 stop on stopped nat

 env CROS_PRIVATE_IP=100.115.92.1
 env ARC_PRIVATE_IP=100.115.92.2

 pre-start script

   # Configure the persistent Chrome OS bridge interface with static IP.
   brctl addbr arcbr0
   ifconfig arcbr0 ${CROS_PRIVATE_IP} netmask 255.255.255.252 up

   # See nat.conf in chromeos-nat-init for the rest of the NAT setup rules.

   iptables -t mangle -A PREROUTING -i arcbr0 \
     -j MARK --set-mark 1 -w

   # Forward "unclaimed" packets to Android to allow inbound connections
   # from devices on the LAN.
   iptables -t nat -N dnat_arc -w
   iptables -t nat -A dnat_arc -j DNAT --to-destination ${ARC_PRIVATE_IP} -w

   # This chain is dynamically updated by arc-networkd whenever the default
   # interface changes.
   iptables -t nat -N try_arc -w

   iptables -t nat -A PREROUTING -m socket --nowildcard -j ACCEPT -w
   iptables -t nat -A PREROUTING -p tcp -j try_arc -w
   iptables -t nat -A PREROUTING -p udp -j try_arc -w

   iptables -A FORWARD -o arcbr0 -j ACCEPT -w

   # Limited port range; Android owns 47104-61000.
   sysctl -w net.ipv4.ip_local_port_range="32768 47103"

 end script # pre-start

 post-stop script

   # Restore original (default) port range.
   sysctl -w net.ipv4.ip_local_port_range="32768 61000"

   iptables -D FORWARD -o arcbr0 -j ACCEPT -w

   iptables -t nat -D PREROUTING -p udp -j try_arc -w
   iptables -t nat -D PREROUTING -p tcp -j try_arc -w
   iptables -t nat -D PREROUTING -m socket --nowildcard -j ACCEPT -w

   iptables -t nat -F try_arc -w
   iptables -t nat -X try_arc -w

   iptables -t nat -F dnat_arc -w
   iptables -t nat -X dnat_arc -w

   iptables -t mangle -D PREROUTING -i arcbr0 \
     -j MARK --set-mark 1 -w

   ifconfig arcbr0 down
   brctl delbr arcbr0

 end script # post-stop
	# Copyright 2015 The Chromium OS Authors. All rights reserved.
	# Use of this source code is governed by a BSD-style license that can be
	# found in the LICENSE file.

	# Installed by chromeos-cheets-scripts ebuild.

	description "Sets up bridge interface for android containers"
	author "chromium-os-dev@chromium.org"

	start on started nat
	stop on stopped nat

	env CROS_PRIVATE_IP=100.115.92.1
	env ARC_PRIVATE_IP=100.115.92.2

	pre-start script

	# Configure the persistent Chrome OS bridge interface with static IP.
	brctl addbr arcbr0
	ifconfig arcbr0 ${CROS_PRIVATE_IP} netmask 255.255.255.252 up

	# See nat.conf in chromeos-nat-init for the rest of the NAT setup rules.

	iptables -t mangle -A PREROUTING -i arcbr0 \
	-j MARK --set-mark 1 -w

	# Forward "unclaimed" packets to Android to allow inbound connections
	# from devices on the LAN.
	iptables -t nat -N dnat_arc -w
	iptables -t nat -A dnat_arc -j DNAT --to-destination ${ARC_PRIVATE_IP} -w

	# This chain is dynamically updated by arc-networkd whenever the default
	# interface changes.
	iptables -t nat -N try_arc -w

	iptables -t nat -A PREROUTING -m socket --nowildcard -j ACCEPT -w
	iptables -t nat -A PREROUTING -p tcp -j try_arc -w
	iptables -t nat -A PREROUTING -p udp -j try_arc -w

	iptables -A FORWARD -o arcbr0 -j ACCEPT -w

	# Limited port range; Android owns 47104-61000.
	sysctl -w net.ipv4.ip_local_port_range="32768 47103"

	end script # pre-start

	post-stop script

	# Restore original (default) port range.
	sysctl -w net.ipv4.ip_local_port_range="32768 61000"

	iptables -D FORWARD -o arcbr0 -j ACCEPT -w

	iptables -t nat -D PREROUTING -p udp -j try_arc -w
	iptables -t nat -D PREROUTING -p tcp -j try_arc -w
	iptables -t nat -D PREROUTING -m socket --nowildcard -j ACCEPT -w

	iptables -t nat -F try_arc -w
	iptables -t nat -X try_arc -w

	iptables -t nat -F dnat_arc -w
	iptables -t nat -X dnat_arc -w

	iptables -t mangle -D PREROUTING -i arcbr0 \
	-j MARK --set-mark 1 -w

	ifconfig arcbr0 down
	brctl delbr arcbr0

	end script # post-stop