working on router

roles/base/tasks/main.yml

@@ -9,6 +9,7 @@
     - imagemagick
     - keychain
     - libarchive-tools
+    - lsof
     - mg
     - nmap
     - nvi

roles/development/tasks/main.yml

@@ -10,6 +10,7 @@
     - cmake
     - devscripts
     - gcc
+    - ghc
     - git
     - golang-google-genproto-dev
     - golang-goprotobuf-dev

roles/server/defaults/main.yaml

@@ -1,2 +1,2 @@
 router_server: False
-
+router_if: eth0

roles/server/files/20-router.yaml.j2

@@ -0,0 +1,8 @@
+network:
+  version: 2
+  ethernets:
+    "{{ router_if }}":
+      dhcp4: False
+      dhcp6: False
+      addresses:
+        - "192.168.3.254/24"

roles/server/files/dnsmasq.conf.j2

@@ -0,0 +1,11 @@
+listen-address=::1,127.0.0.1,192.168.3.254
+interface={{ router_if }}
+domain=wntrmute.lan
+expand-hosts
+server=8.8.8.8
+server=8.8.4.4
+
+dhcp-range=192.168.3.1,192.168.3.30,24h
+dhcp-option=option:router,192.168.3.254
+dhcp-option=option:dns-server,8.8.8.8
+dhcp-authoritative

roles/server/files/hosts

@@ -0,0 +1,4 @@
+127.0.0.1	localhost
+
+192.168.3.1	cdev
+192.168.3.254	orion

roles/server/files/resolv.conf

@@ -0,0 +1,2 @@
+nameserver 8.8.8.8
+nameserver 8.8.4.4

roles/server/tasks/router.yaml

@@ -1,16 +1,54 @@
-- name: set up netplan
+- name: set up IPv4 forwarding
   become: true
-  ansible.builtin.file:
+  ansible.posix.sysctl:
-    content: |
+    name: net.ipv4.ip_forward
-      network:
+    value: '1'
-        version: 2
+    sysctl_set: true
-        ethernets:
+    state: present
-          eth0:
+    reload: true
-            dhcp4: False
+
-            dhcp6: False
+# # iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
-            addresses:
+- name: set up NAT table
-              - "192.168.4.254/24"
+  become: true
-    dest: /etc/netplan/20-router-eth0.yaml
+  ansible.builtin.iptables:
+    table: nat
+    chain: POSTROUTING
+    jump: MASQUERADE
+    in_interface: "{{ router_if }}"
+
+# iptables -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
+- name: set up forwarding from {{ router_if }} to wlo1
+  become: true
+  ansible.builtin.iptables:
+    chain: FORWARD
+    in_interface: "{{ router_if }}"
+    out_interface: wlo1
+    ctstate: ESTABLISHED,RELATED
+    jump: ACCEPT
+
+# iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
+- name: set up forwarding
+  become: true
+  ansible.builtin.iptables:
+    chain: FORWARD
+    in_interface: "{{ router_if }}"
+    out_interface: wlo1
+    jump: ACCEPT
+
+- name: copy hosts
+  become: true
+  ansible.builtin.copy:
+    src: "{{ role_path }}/files/hosts"
+    dest: /etc/hosts
+    mode: 0644
+    owner: root
+    group: root
+
+- name: set up netplan for {{ router_if }}
+  become: true
+  ansible.builtin.template:
+    src: "{{ role_path }}/files/20-router.yaml.j2"
+    dest: /etc/netplan/20-router-{{ router_if }}.yaml
     mode: 0644
     owner: root
     group: root
@@ -22,16 +60,29 @@
 
 - name: copy dnsmasq.conf
   become: true
-  ansible.builtin.copy:
+  ansible.builtin.template:
-    src: "{{ role_path }}/files/dnsmasq.conf"
+    src: "{{ role_path }}/files/dnsmasq.conf.j2"
     dest: /etc/dnsmasq.conf
     mode: 0644
     owner: root
     group: root
 
-- name: install netmasq
+- name: disable systemd-resolved
+  become: true
+  ansible.builtin.service:
+    name: systemd-resolved
+    enabled: false
+    state: stopped
+
+- name: install dnsmasq
   become: true
   ansible.builtin.apt:
     name: dnsmasq
     state: present
 
+- name: enable dnsmasq
+  become: true
+  ansible.builtin.service:
+    name: dnsmasq
+    enabled: true
+    state: restarted

site.yml

@@ -40,3 +40,5 @@
     dev_virt: True
     dev_embedded: True
     dev_rust: True
+    router_server: true
+    router_if: enp89s0