authorLars Wirzenius <liw@liw.fi>2016-09-06 15:20:47 +0300
committerLars Wirzenius <liw@liw.fi>2016-09-06 15:20:47 +0300
commit8fe447d46c56fb648bf2c1f34fedae47dbbaee2f (patch)
treed6137159b4aa954df1a36dbb11690056a40655ce
parentac0ac75ff26e7bc4d5cc09a510652c0890d053ba (diff)
downloadminipc-router-8fe447d46c56fb648bf2c1f34fedae47dbbaee2f.tar.gz
Setup routing and NAT/masquerade firewall
-rw-r--r--ansible/minipc-router.yml1
-rw-r--r--ansible/roles/router/files/enable-routing.conf2
-rw-r--r--ansible/roles/router/files/setup-firewall3
-rw-r--r--ansible/roles/router/tasks/main.yml13
4 files changed, 19 insertions, 0 deletions
diff --git a/ansible/minipc-router.yml b/ansible/minipc-router.yml
index 2f9371b..f9086d0 100644
--- a/ansible/minipc-router.yml
+++ b/ansible/minipc-router.yml
@@ -8,3 +8,4 @@
roles:
- lan1-dhcp-client
- sane-debian-system
+ - router
diff --git a/ansible/roles/router/files/enable-routing.conf b/ansible/roles/router/files/enable-routing.conf
new file mode 100644
index 0000000..c24ade9
--- /dev/null
+++ b/ansible/roles/router/files/enable-routing.conf
@@ -0,0 +1,2 @@
+net.ipv4.ip_forward=1
+net.ipv6.conf.all.forwarding=1
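Review bot: Both forwarding sysctls are switched on here while nothing in this commit installs any filter rules — the accompanying setup-firewall script only adds a NAT rule — so with the kernel's default FORWARD policy of ACCEPT the host will route between its interfaces unfiltered once this file is loaded. The second line extends that to IPv6, for which the commit installs no ip6tables rules at all; if IPv6 routing is not needed yet, leave `net.ipv6.conf.all.forwarding=1` out until there is a matching ip6tables setup, otherwise add a FORWARD policy alongside the NAT rule. A header comment such as `# forwarding alone routes unfiltered between interfaces; the filter/NAT rules live in setup-firewall` would make the dependency between the two files explicit.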
diff --git a/ansible/roles/router/files/setup-firewall b/ansible/roles/router/files/setup-firewall
new file mode 100644
index 0000000..77f80d8
--- /dev/null
+++ b/ansible/roles/router/files/setup-firewall
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+exec iptables -t nat -A POSTROUTING -j MASQUERADE
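Review bot: The MASQUERADE rule carries no `-o` match, so it rewrites the source address of every forwarded packet regardless of the interface it leaves on, including traffic routed back towards the LAN side; it should be pinned to the upstream interface, `exec iptables -t nat -A POSTROUTING -o <WAN_IF> -j MASQUERADE` (with `<WAN_IF>` a placeholder for the interface the role supplies). The rule is also appended with `-A` unconditionally, so every re-run of the script stacks another identical rule; guarding it as `iptables -t nat -C POSTROUTING -o <WAN_IF> -j MASQUERADE 2>/dev/null || iptables -t nat -A POSTROUTING -o <WAN_IF> -j MASQUERADE` keeps it idempotent. Note too that this script sets no FORWARD chain policy, so it provides NAT but no filtering; if this is meant to be the router's firewall, the filter rules belong in the same script.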
diff --git a/ansible/roles/router/tasks/main.yml b/ansible/roles/router/tasks/main.yml
new file mode 100644
index 0000000..6b76440
--- /dev/null
+++ b/ansible/roles/router/tasks/main.yml
@@ -0,0 +1,13 @@
+- name: add iptables masquerading rule
+ copy:
+ src: setup-firewall
+ dest: /usr/local/sbin/setup-firewall
+ mode: 0755
+
+- name: set up packet forwarding sysctl config
+ copy:
+ src: enable-routing.conf
+ dest: /etc/sysctl.d
+
+- name: load sysctl config change
+ shell: sysctl -p /etc/sysctl.d/enable-routing.conf
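Review bot: The first task installs `setup-firewall` to /usr/local/sbin but no task ever runs it and nothing arranges for it to run at boot, while the third task applies the forwarding sysctl immediately — so after this play the host forwards packets with no masquerade (or any firewall) rule in place, and the rule will be missing again after every reboot even if run by hand. Add a task that invokes it, `command: /usr/local/sbin/setup-firewall`, and a persistence mechanism (a systemd unit or boot hook that runs the script, or a saved rule set restored by iptables-persistent). The third task would also be idempotent and reboot-safe with the `sysctl` module (`sysctl: name=net.ipv4.ip_forward value=1 sysctl_file=/etc/sysctl.d/enable-routing.conf reload=yes`) instead of `shell:`, which reports changed on every run; if the script approach is kept, `command:` suffices since no shell features are used.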