Add IPv4 exit via NAT

2017-03-27 21:00:03 +02:00 · 2017-03-27 21:00:03 +02:00 · c05c0cafcd
parent b9efe6c8be
commit c05c0cafcd
4 changed files with 26 additions and 0 deletions
--- a/roles/exit-ipv4/handlers/main.yml
+++ b/roles/exit-ipv4/handlers/main.yml
@ -0,0 +1,4 @@
+---
+
+- name: Reload iptables
+  shell: iptables-restore < /etc/iptables/rules.v4
--- a/roles/exit-ipv4/tasks/main.yml
+++ b/roles/exit-ipv4/tasks/main.yml
@ -0,0 +1,8 @@
+---
+
+- name: Install iptables-persistent
+  apt: name=iptables-persistent state=present
+
+- name: Configure iptables
+  template: src=rules.v4.j2 dest=/etc/iptables/rules.v4
+  notify: Reload iptables
--- a/roles/exit-ipv4/templates/rules.v4.j2
+++ b/roles/exit-ipv4/templates/rules.v4.j2
@ -0,0 +1,13 @@
+# {{ ansible_managed }}
+*nat
+:PREROUTING ACCEPT [1:136]
+:INPUT ACCEPT [1:136]
+:OUTPUT ACCEPT [2:472]
+:POSTROUTING ACCEPT [0:0]
+-A POSTROUTING -o eth0 -j MASQUERADE
+COMMIT
+*filter
+:INPUT ACCEPT [1124:131621]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [1151:175226]
+COMMIT
--- a/site.yml
+++ b/site.yml
@ -13,6 +13,7 @@
  - batman
  - fastd
  - mesh-interfaces
+  - exit-ipv4
  - dns
  - dhcpd
  - respondd