Enhance network boot provisioning with support for extra LAN IPs and VLAN configuration</message>

<message>Update documentation and scripts to include configuration for extra LAN IPs on eth1 and VLAN interface eth1.40, allowing the LXC to serve multiple subnets and provide NAT for internet access. Modify nftables NAT configuration to accommodate these changes and ensure proper DHCP and DNS setup on eth1. This improves the overall network boot functionality and user experience for the CM4 eMMC provisioning service.
2026-03-04 19:28:53 +02:00
parent 031e1c3415
commit 10c200f994
5 changed files with 135 additions and 63 deletions
--- a/emmc-provisioning/lxc/70-cm4-extra-lan
+++ b/emmc-provisioning/lxc/70-cm4-extra-lan
@@ -0,0 +1,17 @@
+# Extra LAN IPs on eth1 and VLAN 40 on eth1.
+# Primary eth1 address is set by Proxmox/deploy (used by dnsmasq DHCP).
+# Installed by setup-network-boot-on-lxc.sh; ensure /etc/network/interfaces
+# includes: source-directory /etc/network/interfaces.d
+
+# Secondary addresses on eth1 (192.168.30.1, 192.168.127.1)
+iface eth1 inet static
+    address 192.168.30.1/24
+iface eth1 inet static
+    address 192.168.127.1/24
+
+# VLAN 40 on eth1 — 192.168.0.0/24 (gateway 192.168.0.1)
+# Requires: apt install vlan; host bridge must pass VLAN 40 if using tagged uplink
+auto eth1.40
+iface eth1.40 inet static
+    address 192.168.0.1/24
+    vlan-raw-device eth1
--- a/emmc-provisioning/lxc/README.md
+++ b/emmc-provisioning/lxc/README.md
@@ -7,7 +7,9 @@ Config files for the **provisioning LXC** when using **eth1** as a provisioning
 | File | Purpose |
 |------|--------|
 | **dnsmasq-network-boot.conf** | Template: dnsmasq DHCP + TFTP on eth1. Setup script writes `/etc/dnsmasq.d/network-boot.conf` using values from `lan-subnet.conf`. |
-| **nft-nat-lan.conf** | Template: nftables NAT for LAN→WAN. Setup script writes `/etc/nftables.d/nat-lan.conf` using `LAN_CIDR` from `lan-subnet.conf`. |
+| **nft-nat-lan.conf** | Template: nftables NAT for LAN→WAN (primary + extra subnets + VLAN 40). Setup script writes `/etc/nftables.d/nat-lan.conf`. |
+| **70-cm4-extra-lan** | Extra LAN IPs on eth1 (192.168.30.1, 192.168.127.1) and VLAN eth1.40 (192.168.0.1/24). Installed to `/etc/network/interfaces.d/` by setup script. |
+| **toggle-network-boot-dhcp.sh** | Enable/disable PXE (TFTP) on the LXC; copied to `/opt/cm4-provisioning/` by setup script. |

 Setup is done by running (from your machine):

--- a/emmc-provisioning/lxc/nft-nat-lan.conf
+++ b/emmc-provisioning/lxc/nft-nat-lan.conf
@@ -1,10 +1,14 @@
-# nftables: NAT for LAN (eth1) so clients use WAN (eth0) for internet.
+# nftables: NAT for LAN (eth1 + extra IPs + eth1.40) so clients use WAN (eth0) for internet.
 # Load with: nft -f /etc/nftables.d/nat-lan.conf
-# When using setup-network-boot-on-lxc.sh, the subnet is taken from /opt/cm4-provisioning/lan-subnet.conf (LAN_CIDR).
+# When using setup-network-boot-on-lxc.sh, the primary subnet is from lan-subnet.conf (LAN_CIDR).
+# Extra subnets: 192.168.30.0/24, 192.168.127.0/24 (eth1), 192.168.0.0/24 (eth1.40 VLAN).

 table ip nat {
 	chain postrouting {
 		type nat hook postrouting priority srcnat; policy accept;
 		ip saddr 10.20.50.0/24 oifname "eth0" masquerade
+		ip saddr 192.168.30.0/24 oifname "eth0" masquerade
+		ip saddr 192.168.127.0/24 oifname "eth0" masquerade
+		ip saddr 192.168.0.0/24 oifname "eth0" masquerade
 	}
 }