From 44fc0e626eb0857e0a3a6761a6c169d8360cbd35 Mon Sep 17 00:00:00 2001
From: Markus Hauschild
Date: Tue, 3 Aug 2021 18:19:26 +0200
Subject: [PATCH] exit_ip: add support for NAT pools
---
 host_vars/gw31.regensburg.freifunk.net | 2 ++
 roles/exit_ip/defaults/main.yml | 1 +
 roles/exit_ip/templates/rules.v4.j2 | 2 +-
 3 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/host_vars/gw31.regensburg.freifunk.net b/host_vars/gw31.regensburg.freifunk.net
index 3abb97c..3be1b0d 100644
--- a/host_vars/gw31.regensburg.freifunk.net
+++ b/host_vars/gw31.regensburg.freifunk.net
@@ -18,3 +18,5 @@ fastd_port: 10030 gateway_id: 31 site_code: ffrgb_tst
+
+nat_pool: 194.156.22.32-194.156.22.33
diff --git a/roles/exit_ip/defaults/main.yml b/roles/exit_ip/defaults/main.yml
index ce5be1b..d179c24 100644
--- a/roles/exit_ip/defaults/main.yml
+++ b/roles/exit_ip/defaults/main.yml
@@ -2,3 +2,4 @@ conntrack_max: 131072 fastd_instances: 3
+nat_pool: "{{ ansible_default_ipv4.address }}"
diff --git a/roles/exit_ip/templates/rules.v4.j2 b/roles/exit_ip/templates/rules.v4.j2
index 87b9150..4697353 100644
--- a/roles/exit_ip/templates/rules.v4.j2
+++ b/roles/exit_ip/templates/rules.v4.j2
@@ -4,7 +4,7 @@
 :INPUT ACCEPT [1:136]
 :OUTPUT ACCEPT [2:472]
 :POSTROUTING ACCEPT [0:0]
--A POSTROUTING -o {{ ansible_default_ipv4.interface }} -j MASQUERADE
+-A POSTROUTING -o {{ ansible_default_ipv4.interface }} -j SNAT --to-source {{ nat_pool }}
 COMMIT
 *filter
 :INPUT ACCEPT [1124:131621]
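Review bot: The new `nat_pool` default in roles/exit_ip/defaults/main.yml carries no comment saying which forms the variable accepts, and it fixes the SNAT source to the address Ansible saw at fact gathering, whereas MASQUERADE followed the interface's current address. I would add `# nat_pool: SNAT source, a single IPv4 address or a first-last range; defaults to the primary IPv4 address` above the line. On a gateway whose uplink address can change, the rule would presumably stay on the old address until the role runs again, which is worth stating in the same comment.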
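Review bot: `{{ nat_pool }}` is written into the POSTROUTING rule of rules.v4.j2 without any check on its form. iptables-restore stops at the first line it cannot parse, so a mistyped pool in one host's vars would likely leave neither the nat rule nor the `*filter` section after it loaded from this file. An assert task ahead of the template could require a single IPv4 address or a `first-last` range. If the task that deploys this file is a `template` task (not visible in this patch), `validate: iptables-restore --test %s` would catch a bad render before it replaces the live rules file. The pool addresses also have to be configured and routed on the gateway before the rules load, since SNAT no longer takes the source from the interface.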