WarlockFish/fedora-infra_ansible
1
0
Fork 0
mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-05-12 19:06:39 +08:00
Code Issues Packages Projects Releases Wiki Activity

Add nat-rules

Browse Source 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
This commit is contained in:
Patrick Uiterwijk
2018-02-08 15:29:38 +00:00
parent ace5dbaa17
commit d5ce7a014e
2 changed files with 12 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
inventory/host_vars/pagure-proxy01.fedoraproject.org
View File

@@ -3,7 +3,7 @@ nm: 255.255.255.128
gw: 152.19.134.129
dns: 8.8.8.8
custom_rules: [
nat_rules: [
'-t nat -A PREROUTING --dst 152.19.134.147 -p tcp --dport 22 -j DNAT --to-destination 140.211.169.204:22',
'-t nat -A POSTROUTING -p tcp --dst 140.211.169.204 --dport 22 -j SNAT --to-source 152.19.134.147',
'-t nat -A OUTPUT --dst 152.19.134.147 -p tcp --dport 22 -j DNAT --to-destination 140.211.169.204:22']

11
roles/base/templates/iptables/iptables
View File

@@ -110,3 +110,14 @@
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
{%- if nat_rules %}
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
{% for rule in nat_rules %}
{{ rule }}
{% endfor %}
{% endif %}