---
###############################################
# Configure internet_interface to be gateway
###############################################
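# Set net.ipv4.ip_forward=1 in /etc/sysctl.conf.
# The pattern escapes the dots and tolerates whitespace around "=", so an
# existing "net.ipv4.ip_forward = 0" entry is rewritten in place instead of
# being left in the file next to a second, conflicting line.
# NOTE(review): with forwarding on, what may cross this host is decided only
# by the FORWARD chain rules and policy - review those together with this task.
- name: sysctl - enable IP forwarding
  lineinfile:
    path: /etc/sysctl.conf
    regexp: '^\s*net\.ipv4\.ip_forward\s*='
    line: 'net.ipv4.ip_forward=1'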
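# Load /etc/sysctl.conf into the running kernel.
# `command` replaces `shell`: the call uses no pipes, redirects or expansion,
# so there is no reason to start a shell for it.
- name: sysctl - apply changes
  command: sysctl -p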
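# Masquerade (source-NAT) all traffic leaving through internet_interface.
# The iptables module replaces the raw `iptables -A` shell call for two reasons:
#   - it checks for the rule before appending, so re-running the play does not
#     stack duplicate MASQUERADE rules (which the persistence task would save);
#   - the interface name is passed as a module argument instead of being
#     interpolated into a shell command line.
- name: NAT - iptables
  iptables:
    table: nat
    chain: POSTROUTING
    out_interface: "{{ internet_interface }}"
    jump: MASQUERADE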
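# Allow forwarding between listen_interface and internet_interface.
# Both rules go through the iptables module so that repeated runs do not append
# duplicates and the interface names never pass through a shell.
# `ctstate` is emitted as `-m conntrack --ctstate`, the current form of the
# original `-m state --state` match.
# NOTE(review): these tasks only add ACCEPT rules and never set the FORWARD
# chain policy. If the policy is ACCEPT, the stateful rule restricts nothing
# and traffic from internet_interface is still forwarded - confirm a DROP
# policy (or an explicit final DROP rule) is applied elsewhere.
- name: Routing - iptables
  iptables:
    chain: FORWARD
    in_interface: "{{ item.in_interface }}"
    out_interface: "{{ item.out_interface }}"
    ctstate: "{{ item.ctstate | default(omit) }}"
    jump: ACCEPT
  loop:
    # listen -> internet: any connection may be opened outbound
    - in_interface: "{{ listen_interface }}"
      out_interface: "{{ internet_interface }}"
    # internet -> listen: only replies to connections already tracked
    - in_interface: "{{ internet_interface }}"
      out_interface: "{{ listen_interface }}"
      ctstate:
        - RELATED
        - ESTABLISHED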
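# Save the live iptables rules and reload them from the saved copy.
# `set -e` stops the script at the first failing command; without it the task
# reports only the exit status of `reload`, so a failed `save` would pass
# unnoticed and the rules would be lost on reboot.
# NOTE(review): assumes netfilter-persistent is already installed - none of the
# tasks shown here installs it.
- name: Persistence - iptables
  shell: |
    set -e
    netfilter-persistent save
    netfilter-persistent reload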
...