From c05c0cafcd66875bb0ed7986476f4db6ef93092f Mon Sep 17 00:00:00 2001
From: Markus Hauschild
Date: Mon, 27 Mar 2017 21:00:03 +0200
Subject: [PATCH] Add IPv4 exit via NAT
---
 roles/exit-ipv4/handlers/main.yml | 4 ++++
 roles/exit-ipv4/tasks/main.yml | 8 ++++++++
 roles/exit-ipv4/templates/rules.v4.j2 | 13 +++++++++++++
 site.yml | 1 +
 4 files changed, 26 insertions(+)
 create mode 100644 roles/exit-ipv4/handlers/main.yml
 create mode 100644 roles/exit-ipv4/tasks/main.yml
 create mode 100644 roles/exit-ipv4/templates/rules.v4.j2
diff --git a/roles/exit-ipv4/handlers/main.yml b/roles/exit-ipv4/handlers/main.yml
new file mode 100644
index 0000000..26235cd
--- /dev/null
+++ b/roles/exit-ipv4/handlers/main.yml
@@ -0,0 +1,4 @@
+---
+
+- name: Reload iptables
+ shell: iptables-restore < /etc/iptables/rules.v4
diff --git a/roles/exit-ipv4/tasks/main.yml b/roles/exit-ipv4/tasks/main.yml
new file mode 100644
index 0000000..f02422e
--- /dev/null
+++ b/roles/exit-ipv4/tasks/main.yml
@@ -0,0 +1,8 @@
+---
+
+- name: Install iptables-persistent
+ apt: name=iptables-persistent state=present
+
+- name: Configure iptables
+ template: src=rules.v4.j2 dest=/etc/iptables/rules.v4
+ notify: Reload iptables
diff --git a/roles/exit-ipv4/templates/rules.v4.j2 b/roles/exit-ipv4/templates/rules.v4.j2
new file mode 100644
index 0000000..5a2d727
--- /dev/null
+++ b/roles/exit-ipv4/templates/rules.v4.j2
@@ -0,0 +1,13 @@
+# {{ ansible_managed }}
+*nat
+:PREROUTING ACCEPT [1:136]
+:INPUT ACCEPT [1:136]
+:OUTPUT ACCEPT [2:472]
+:POSTROUTING ACCEPT [0:0]
+-A POSTROUTING -o eth0 -j MASQUERADE
+COMMIT
+*filter
+:INPUT ACCEPT [1124:131621]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [1151:175226]
+COMMIT
diff --git a/site.yml b/site.yml
index b5bed2c..77cc31f 100644
--- a/site.yml
+++ b/site.yml
@@ -13,6 +13,7 @@
 - batman
 - fastd
 - mesh-interfaces
+ - exit-ipv4
 - dns
 - dhcpd
 - respondd
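Review bot: The `Reload iptables` handler in roles/exit-ipv4/handlers/main.yml pipes the rendered file straight into `iptables-restore`, with no syntax check before the live tables are replaced. Each table is committed separately, so an error in the `*filter` section would, as far as I can tell, leave the new `*nat` rules active alongside the old filter rules. Without `--noflush` the restore also discards any rules other software added to those tables at runtime, which is worth a comment on the handler. I would parse first: `shell: iptables-restore --test < /etc/iptables/rules.v4 && iptables-restore < /etc/iptables/rules.v4`.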
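Review bot: The `Configure iptables` task in roles/exit-ipv4/tasks/main.yml writes /etc/iptables/rules.v4 without stating owner, group or mode, so the permissions of the firewall rules file depend on the umask or on whatever file already exists there. Pin them explicitly: `template: src=rules.v4.j2 dest=/etc/iptables/rules.v4 owner=root group=root mode=0644`. Nothing visible in this role enables `net.ipv4.ip_forward`; if no other role sets it, the MASQUERADE rule never sees forwarded traffic, so a `sysctl` task here would make the role self-contained.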
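Review bot: The `*filter` table in roles/exit-ipv4/templates/rules.v4.j2 sets `:FORWARD ACCEPT`, and the only NAT rule, `-A POSTROUTING -o eth0 -j MASQUERADE`, matches every source, so the exit node forwards and masquerades anything routed to it rather than only mesh clients. A default-drop FORWARD chain with an explicit allowance for the mesh side, plus a source match on the MASQUERADE rule, limits the node to the traffic it is meant to carry, and stops it relaying packets that arrive on eth0 itself. The two variables in the sketch below are placeholders, since the page shows neither the mesh interface name nor the client prefix. The bracketed counters copied from `iptables-save` and the hard-coded `eth0` would also read better as `[0:0]` and a role variable.

```jinja
# … unchanged: *nat chain policies …
-A POSTROUTING -s {{ exit_ipv4_client_net }} -o eth0 -j MASQUERADE
# … unchanged: COMMIT, *filter, INPUT policy …
:FORWARD DROP [0:0]
# … unchanged: OUTPUT policy …
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i {{ exit_ipv4_mesh_if }} -o eth0 -j ACCEPT
# … unchanged: COMMIT …
```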