Diffstat (limited to 'ansible')
-rw-r--r-- | ansible/minipc-router.yml | 1 | ||||
-rw-r--r-- | ansible/roles/router/files/enable-routing.conf | 2 | ||||
-rw-r--r-- | ansible/roles/router/files/setup-firewall | 3 | ||||
-rw-r--r-- | ansible/roles/router/tasks/main.yml | 13 |
4 files changed, 19 insertions, 0 deletions
diff --git a/ansible/minipc-router.yml b/ansible/minipc-router.yml
index 2f9371b..f9086d0 100644
--- a/ansible/minipc-router.yml
+++ b/ansible/minipc-router.yml
@@ -8,3 +8,4 @@
 roles:
 - lan1-dhcp-client
 - sane-debian-system
+ - router
diff --git a/ansible/roles/router/files/enable-routing.conf b/ansible/roles/router/files/enable-routing.conf
new file mode 100644
index 0000000..c24ade9
--- /dev/null
+++ b/ansible/roles/router/files/enable-routing.conf
@@ -0,0 +1,2 @@
+net.ipv4.ip_forward=1
+net.ipv6.conf.all.forwarding=1
diff --git a/ansible/roles/router/files/setup-firewall b/ansible/roles/router/files/setup-firewall
new file mode 100644
index 0000000..77f80d8
--- /dev/null
+++ b/ansible/roles/router/files/setup-firewall
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+exec iptables -t nat -A POSTROUTING -j MASQUERADE
diff --git a/ansible/roles/router/tasks/main.yml b/ansible/roles/router/tasks/main.yml
new file mode 100644
index 0000000..6b76440
--- /dev/null
+++ b/ansible/roles/router/tasks/main.yml
@@ -0,0 +1,13 @@
+- name: add iptables masquerading rule
+ copy:
+ src: setup-firewall
+ dest: /usr/local/sbin/setup-firewall
+ mode: 0755
+
+- name: set up packet forwarding sysctl config
+ copy:
+ src: enable-routing.conf
+ dest: /etc/sysctl.d
+
+- name: load sysctl config change
+ shell: sysctl -p /etc/sysctl.d/enable-routing.conf |
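Review bot: Both keys in enable-routing.conf turn on forwarding for IPv4 and IPv6, but nothing in this commit sets a FORWARD policy or any filter rule, and the only rule it adds (in setup-firewall) is IPv4 NAT. Unless a forward policy is set elsewhere, IPv6 packets would be routed between interfaces unfiltered and without NAT hiding the LAN, so hosts behind the router may be directly reachable if the uplink provides IPv6. Either leave out `net.ipv6.conf.all.forwarding=1` until an IPv6 forward policy exists, or add a default-drop FORWARD policy that allows established/related traffic for both address families. A comment in the file such as `# forwarding is unfiltered unless a FORWARD policy is installed separately` would record the dependency.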
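Review bot: The MASQUERADE rule in setup-firewall has no `-o` match, so it rewrites the source address of traffic leaving every interface, including traffic routed towards the LAN side, which hides real client addresses from internal hosts and their logs. Restrict it to the uplink, for example `exec iptables -t nat -A POSTROUTING -o "$WAN_IF" -j MASQUERADE`, where WAN_IF is a placeholder for the uplink interface, which this page does not name. `-A` also appends a duplicate rule on every run; checking first with `iptables -t nat -C POSTROUTING -o "$WAN_IF" -j MASQUERADE 2>/dev/null && exit 0` would make the script safe to re-run. The script is named setup-firewall but installs no filtering rules, so a header comment saying it only configures NAT would avoid a false sense of protection.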
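Review bot: The task named `add iptables masquerading rule` in tasks/main.yml only copies the script to /usr/local/sbin; no task in this file runs it or hooks it into boot. Unless that happens elsewhere, the NAT rule is never installed and would not survive a reboot. Renaming the task to `install setup-firewall script` and adding a task or service unit that invokes it would make the role do what its name says. The last task uses `shell:` although no shell features are needed; `command: sysctl -p /etc/sysctl.d/enable-routing.conf` avoids the shell, and as a handler notified by the copy task it would run only when the file changes. The sysctl copy task also sets no permissions, so an explicit `mode: '0644'` would pin them.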