# Install the packages the later tasks use: iptables for the NAT rule and
# ifupdown for the ifdown/ifup interface handling.
- name: install packages
  apt:
    state: present
    name:
      - iptables
      - ifupdown
# Stop systemd-resolved now and keep it from starting again at boot.
# NOTE(review): presumably this frees the local DNS port for another service;
# confirm the host still has a working resolver configuration afterwards.
- name: ensure resolved is stopped and disabled
  service:
    name: systemd-resolved
    state: stopped
    enabled: false
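# Write a static ifupdown stanza for the LAN interface into
# /etc/network/interfaces.d/. The result is registered as lan_iface_cfg so
# the interface is only restarted when this file actually changed.
- name: write config for lan interface
  copy:
    content: |
      auto {{ dhcp_interface }}
      allow-hotplug {{ dhcp_interface }}
      iface {{ dhcp_interface }} inet static
      address {{ server_ip }}
      netmask {{ server_netmask }}
    dest: "/etc/network/interfaces.d/{{ dhcp_interface }}"
    owner: root
    group: root
    # Quoted so the mode is always passed as the octal string "0644" and is
    # never re-typed by the YAML parser (a bare 0644 depends on YAML 1.1
    # octal handling).
    mode: "0644"
  register: lan_iface_cfg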
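# Restart the LAN interface so the rewritten configuration takes effect.
# Runs only when the interface file was changed (lan_iface_cfg.changed).
- name: setup lan interface
  # The variable is passed through the quote filter so the interface name is
  # always handed to the shell as a single literal word, whatever it contains.
  # `|| true` tolerates ifdown failing, e.g. when the interface is not up yet.
  shell: |
    ifdown --force {{ dhcp_interface | quote }} || true
    ifup {{ dhcp_interface | quote }}
  when: lan_iface_cfg.changed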
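# Write an iptables-restore style rule file holding a single nat-table rule:
# masquerade everything leaving through the WAN interface.
# NOTE(review): no task shown here loads this file at boot (for example an
# iptables-restore hook in the interface configuration), and the registered
# result iptables_up_rules is not used by any task shown here; confirm
# something restores the file, otherwise the rule does not survive a reboot.
# NOTE(review): the file defines no filter-table rules, so forwarded traffic
# is not restricted by it; confirm a FORWARD policy is enforced elsewhere.
- name: enable permantent masquerading
  copy:
    content: |
      *nat
      :PREROUTING ACCEPT [0:0]
      :INPUT ACCEPT [0:0]
      :POSTROUTING ACCEPT [0:0]
      :OUTPUT ACCEPT [0:0]
      -A POSTROUTING -o {{wan_interface}} -j MASQUERADE
      COMMIT
    dest: /etc/network/iptables.up.rules
    # Ownership and mode are set explicitly, matching the interface file
    # written earlier, so the firewall rule file does not inherit whatever
    # the umask of the run happens to give it.
    owner: root
    group: root
    mode: "0644"
  register: iptables_up_rules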
# Add the MASQUERADE rule for the WAN interface to the running nat table,
# so NAT is active now and does not depend on the rule file being loaded.
- name: apply iptables rules
  iptables:
    table: nat
    chain: POSTROUTING
    jump: MASQUERADE
    out_interface: "{{ wan_interface }}"
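# Turn on IPv4 forwarding so the host routes packets between its interfaces.
# NOTE(review): once forwarding is on, the host routes for any interface
# pair; none of the tasks shown here add FORWARD-chain filtering, so confirm
# that is handled elsewhere if only LAN-to-WAN traffic should pass.
- name: enable ip forwarding
  sysctl:
    name: net.ipv4.ip_forward
    value: '1'
    state: present
    # Canonical booleans, consistent with `enabled: false` used earlier in
    # this file; `yes` is a YAML 1.1 truthy alias.
    sysctl_set: true
    reload: true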