working on router
@@ -1,16 +1,54 @@
|
||||
- name: set up netplan
|
||||
- name: set up IPv4 forwarding
|
||||
become: true
|
||||
ansible.builtin.file:
|
||||
content: |
|
||||
network:
|
||||
version: 2
|
||||
ethernets:
|
||||
eth0:
|
||||
dhcp4: False
|
||||
dhcp6: False
|
||||
addresses:
|
||||
- "192.168.4.254/24"
|
||||
dest: /etc/netplan/20-router-eth0.yaml
|
||||
ansible.posix.sysctl:
|
||||
name: net.ipv4.ip_forward
|
||||
value: '1'
|
||||
sysctl_set: true
|
||||
state: present
|
||||
reload: true
|
||||
|
||||
# # iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
|
||||
- name: set up NAT table
|
||||
become: true
|
||||
ansible.builtin.iptables:
|
||||
table: nat
|
||||
chain: POSTROUTING
|
||||
jump: MASQUERADE
|
||||
in_interface: "{{ router_if }}"
|
||||
|
||||
# iptables -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
|
||||
- name: set up forwarding from {{ router_if }} to wlo1
|
||||
become: true
|
||||
ansible.builtin.iptables:
|
||||
chain: FORWARD
|
||||
in_interface: "{{ router_if }}"
|
||||
out_interface: wlo1
|
||||
ctstate: ESTABLISHED,RELATED
|
||||
jump: ACCEPT
|
||||
|
||||
# iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
|
||||
- name: set up forwarding
|
||||
become: true
|
||||
ansible.builtin.iptables:
|
||||
chain: FORWARD
|
||||
in_interface: "{{ router_if }}"
|
||||
out_interface: wlo1
|
||||
jump: ACCEPT
|
||||
|
||||
- name: copy hosts
|
||||
become: true
|
||||
ansible.builtin.copy:
|
||||
src: "{{ role_path }}/files/hosts"
|
||||
dest: /etc/hosts
|
||||
mode: 0644
|
||||
owner: root
|
||||
group: root
|
||||
|
||||
- name: set up netplan for {{ router_if }}
|
||||
become: true
|
||||
ansible.builtin.template:
|
||||
src: "{{ role_path }}/files/20-router.yaml.j2"
|
||||
dest: /etc/netplan/20-router-{{ router_if }}.yaml
|
||||
mode: 0644
|
||||
owner: root
|
||||
group: root
|
||||
@@ -22,16 +60,29 @@
|
||||
|
||||
- name: copy dnsmasq.conf
|
||||
become: true
|
||||
ansible.builtin.copy:
|
||||
src: "{{ role_path }}/files/dnsmasq.conf"
|
||||
ansible.builtin.template:
|
||||
src: "{{ role_path }}/files/dnsmasq.conf.j2"
|
||||
dest: /etc/dnsmasq.conf
|
||||
mode: 0644
|
||||
owner: root
|
||||
group: root
|
||||
|
||||
- name: install netmasq
|
||||
- name: disable systemd-resolved
|
||||
become: true
|
||||
ansible.builtin.service:
|
||||
name: systemd-resolved
|
||||
enabled: false
|
||||
state: stopped
|
||||
|
||||
- name: install dnsmasq
|
||||
become: true
|
||||
ansible.builtin.apt:
|
||||
name: dnsmasq
|
||||
state: present
|
||||
|
||||
- name: enable dnsmasq
|
||||
become: true
|
||||
ansible.builtin.service:
|
||||
name: dnsmasq
|
||||
enabled: true
|
||||
state: restarted
|
||||
|
||||
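Review bot: The `set up NAT table` task matches `in_interface: "{{ router_if }}"` on the nat `POSTROUTING` chain, but iptables does not accept an input-interface match there and the comment above the task uses `-o`; assuming `wlo1` is the upstream link, as the FORWARD tasks suggest, it should read `out_interface: wlo1`. The two FORWARD tasks also match the same direction (`router_if` to `wlo1`), so the `ctstate: ESTABLISHED,RELATED` rule is redundant next to the unconditional ACCEPT, and return traffic from `wlo1` is not limited to established flows; that rule probably wants `in_interface: wlo1` and `out_interface: "{{ router_if }}"`. Nothing visible sets the FORWARD policy, so with forwarding enabled the LAN is only protected from unsolicited inbound traffic if the host default is already DROP; a task with `chain: FORWARD` and `policy: DROP` would make that explicit. The page has lost its +/- markers, so this assumes these tasks are on the new side.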