add Final Infrastructure Setup
commit
7733dde658
174 changed files with 204949 additions and 0 deletions
57
infrastructure/ansible/roles/router/tasks/main.yml
Normal file
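--- a/infrastructure/ansible/roles/router/tasks/main.yml
+++ b/infrastructure/ansible/roles/router/tasks/main.yml
@@ -0,0 +1,57 @@
+---
+- name: Aktiviere IPv4 Forwarding (Kernel)
+sysctl:
+name: net.ipv4.ip_forward
+value: "1"
+sysctl_set: yes
+state: present
+reload: yes
+
+- name: Installiere iptables-persistent
+apt:
+name: iptables-persistent
+state: present
+
+- name: Spüle existierende IPTables Regeln
+iptables:
+chain: "{{ item }}"
+flush: yes
+loop:
+- INPUT
+- FORWARD
+- OUTPUT
+
+- name: Ermittle WAN Interface
+shell: ip route show default | awk '/default/ {print $5}'
+register: wan_interface
+changed_when: false
+
+- name: Aktiviere Masquerading (NAT) auf dem WAN Interface
+iptables:
+table: nat
+chain: POSTROUTING
+out_interface: "{{ wan_interface.stdout }}"
+jump: MASQUERADE
+
+- name: Erlaube Forwarding für internes Netz (10.10.0.0/16)
+iptables:
+chain: FORWARD
+source: 10.10.0.0/16
+destination: 10.10.0.0/16
+jump: ACCEPT
+
+- name: Erlaube Forwarding von Intern ins Internet (Established)
+iptables:
+chain: FORWARD
+ctstate: ESTABLISHED,RELATED
+jump: ACCEPT
+
+- name: Erlaube Forwarding von Intern ins Internet (New)
+iptables:
+chain: FORWARD
+source: 10.10.0.0/16
+out_interface: "{{ wan_interface.stdout }}"
+jump: ACCEPT
+
+- name: Speichere IPTables Regeln dauerhaft
+shell: netfilter-persistent save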
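Review bot: After the flush, the FORWARD chain only receives ACCEPT rules and no task in this file sets a chain policy. Unless a policy is set elsewhere in the role, the chain keeps the kernel default of ACCEPT, so the three "Erlaube Forwarding" rules restrict nothing and traffic arriving on the WAN interface for 10.10.0.0/16 is forwarded too. I would add an iptables task with `chain: FORWARD` and `policy: DROP`, and decide explicitly what INPUT should accept on a host that faces the WAN. Separately, `wan_interface.stdout` is used unchecked in the MASQUERADE and "New" rules; with no default route or with several it is empty or multi-line, so the lookup task should fail early, e.g. `failed_when: wan_interface.stdout_lines | length != 1`.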