exit_ip: add support for NAT pools

2021-08-03 18:19:26 +02:00 · 2021-08-03 18:19:26 +02:00 · 44fc0e626e
parent ad4b92cc7a
commit 44fc0e626e
3 changed files with 4 additions and 1 deletions
--- a/host_vars/gw31.regensburg.freifunk.net
+++ b/host_vars/gw31.regensburg.freifunk.net
@ -18,3 +18,5 @@ fastd_port: 10030
 gateway_id: 31

 site_code: ffrgb_tst
+
+nat_pool: 194.156.22.32-194.156.22.33
--- a/roles/exit_ip/defaults/main.yml
+++ b/roles/exit_ip/defaults/main.yml
@ -2,3 +2,4 @@

 conntrack_max: 131072
 fastd_instances: 3
+nat_pool: "{{ ansible_default_ipv4.address }}"
--- a/roles/exit_ip/templates/rules.v4.j2
+++ b/roles/exit_ip/templates/rules.v4.j2
@ -4,7 +4,7 @@
 :INPUT ACCEPT [1:136]
 :OUTPUT ACCEPT [2:472]
 :POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o {{ ansible_default_ipv4.interface }} -j MASQUERADE
+-A POSTROUTING -o {{ ansible_default_ipv4.interface }} -j SNAT --to-source {{ nat_pool }}
 COMMIT
 *filter
 :INPUT ACCEPT [1124:131621]