From 8fe447d46c56fb648bf2c1f34fedae47dbbaee2f Mon Sep 17 00:00:00 2001
From: Lars Wirzenius
Date: Tue, 6 Sep 2016 15:20:47 +0300
Subject: Setup routing and NAT/masquerade firewall
---
 ansible/minipc-router.yml | 1 +
 ansible/roles/router/files/enable-routing.conf | 2 ++
 ansible/roles/router/files/setup-firewall | 3 +++
 ansible/roles/router/tasks/main.yml | 13 +++++++++++++
 4 files changed, 19 insertions(+)
 create mode 100644 ansible/roles/router/files/enable-routing.conf
 create mode 100644 ansible/roles/router/files/setup-firewall
 create mode 100644 ansible/roles/router/tasks/main.yml
(limited to 'ansible')
diff --git a/ansible/minipc-router.yml b/ansible/minipc-router.yml
index 2f9371b..f9086d0 100644
--- a/ansible/minipc-router.yml
+++ b/ansible/minipc-router.yml
@@ -8,3 +8,4 @@
 roles:
 - lan1-dhcp-client
 - sane-debian-system
+ - router
diff --git a/ansible/roles/router/files/enable-routing.conf b/ansible/roles/router/files/enable-routing.conf
new file mode 100644
index 0000000..c24ade9
--- /dev/null
+++ b/ansible/roles/router/files/enable-routing.conf
@@ -0,0 +1,2 @@
+net.ipv4.ip_forward=1
+net.ipv6.conf.all.forwarding=1
diff --git a/ansible/roles/router/files/setup-firewall b/ansible/roles/router/files/setup-firewall
new file mode 100644
index 0000000..77f80d8
--- /dev/null
+++ b/ansible/roles/router/files/setup-firewall
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+exec iptables -t nat -A POSTROUTING -j MASQUERADE
diff --git a/ansible/roles/router/tasks/main.yml b/ansible/roles/router/tasks/main.yml
new file mode 100644
index 0000000..6b76440
--- /dev/null
+++ b/ansible/roles/router/tasks/main.yml
@@ -0,0 +1,13 @@
+- name: add iptables masquerading rule
+ copy:
+ src: setup-firewall
+ dest: /usr/local/sbin/setup-firewall
+ mode: 0755
+
+- name: set up packet forwarding sysctl config
+ copy:
+ src: enable-routing.conf
+ dest: /etc/sysctl.d
+
+- name: load sysctl config change
+ shell: sysctl -p /etc/sysctl.d/enable-routing.conf
-- cgit v1.2.1
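Review bot: `net.ipv6.conf.all.forwarding=1` makes this host an IPv6 router, but the only packet-filter rule the commit adds is an IPv4 `iptables` NAT rule, so IPv6 traffic would be forwarded between interfaces under whatever the ip6tables FORWARD policy already is (ACCEPT unless something outside this commit changes it). Either leave the IPv6 line out until an ip6tables ruleset exists, or ship a default-drop IPv6 FORWARD policy in the same change. With forwarding enabled the kernel also stops honouring router advertisements on interfaces left at `accept_ra=1`, so an upstream interface that relies on SLAAC would need `accept_ra=2`. A header comment such as `# Enables IPv4/IPv6 forwarding; packet filtering must be loaded by setup-firewall first` would document the dependency.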
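Review bot: The MASQUERADE rule in `setup-firewall` has no `-o` match, so it rewrites the source address of every new connection leaving any interface, including LAN-to-LAN and traffic towards inside hosts, which also hides real client addresses from anything internal that logs them. It is appended with `-A`, so every run of the script stacks a duplicate rule, and the script sets no FORWARD policy, which leaves forwarding between all interfaces open once `ip_forward=1` is applied (assuming nothing outside this commit filters it). I would limit NAT to the upstream interface and add a default-drop FORWARD chain that admits only outbound and established traffic. The interface name below is a placeholder because the commit does not show it, and the flushes assume this script is the only owner of these chains.

```shell
#!/bin/sh
set -e

# Placeholder: upstream (WAN) interface; its name is not shown in this commit.
WAN_IF="WAN_INTERFACE_PLACEHOLDER"

# Forward nothing by default; allow replies and traffic leaving via the WAN side.
iptables -P FORWARD DROP
iptables -F FORWARD
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD ! -i "$WAN_IF" -o "$WAN_IF" -j ACCEPT

# Flush first so re-running the script does not stack duplicate NAT rules.
iptables -t nat -F POSTROUTING
exec iptables -t nat -A POSTROUTING -o "$WAN_IF" -j MASQUERADE
```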
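Review bot: The first task in `tasks/main.yml` only copies `setup-firewall` to `/usr/local/sbin`; nothing in this file runs it or hooks it into boot, so after the play the sysctl task has switched forwarding on while the firewall script has not been executed (unless another role, not shown here, invokes it). Add a step that runs the script and a mechanism that re-runs it at boot, ordered before the `sysctl -p` task so the host never forwards without its ruleset. Both `copy` tasks should pin ownership and permissions for files that root executes or the kernel reads, e.g. `owner: root`, `group: root`, `mode: '0755'` for the script and `mode: '0644'` for the sysctl file. The `shell: sysctl -p …` task also reports changed on every run; `command:` behind a `notify` handler on the copy task would avoid that.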