ff

2024-09-03 20:02:24 +03:00
parent 8293817a3d
commit 77f2f04c61
3 changed files with 22 additions and 7 deletions
--- a/roles/configure/tasks/iptables.yaml
+++ b/roles/configure/tasks/iptables.yaml
@@ -132,11 +132,10 @@
 - name: Allow TCP MSS clamping
  command: iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

-
 - name: Allow traffic from {{ wifi_int.stdout }} to {{ lte_int.stdout }}
  iptables:
    chain: FORWARD
-    in_interface: "{{ wifi_int.stdout }}"
+    in_interface: "br0"
    out_interface: "{{ lte_int.stdout }}"
    jump: ACCEPT
    action: insert
@@ -149,5 +148,21 @@
    table: nat
    out_interface: "{{ lte_int.stdout }}"

+# - name: Allow traffic from {{ wifi_int.stdout }} to {{ lte_int.stdout }}
+#   iptables:
+#     chain: FORWARD
+#     in_interface: "{{ wifi_int.stdout }}"
+#     out_interface: "{{ lte_int.stdout }}"
+#     jump: ACCEPT
+#     action: insert
+#     rule_num: 3 
+
+# - name: Enable masquerading for {{ lte_int.stdout }}
+#   iptables:
+#     chain: POSTROUTING
+#     jump: MASQUERADE
+#     table: nat
+#     out_interface: "{{ lte_int.stdout }}"
+
 - name: Save iptables rules
  command: iptables-save -f /etc/iptables/iptables.rules
--- a/roles/configure/tasks/main.yaml
+++ b/roles/configure/tasks/main.yaml
@@ -99,7 +99,7 @@
    loop_var: int_name
  tags: br
 - name: set ip for bridge
-  command: /usr/bin/nmcli c mod bridge ipv4.addr {{ wifi_int_ip }}/24 ipv4.method manual 
+  command: /usr/bin/nmcli c mod bridge ipv4.addr {{ wifi_int_ip }}/24 ipv4.method disabled 
  tags: br

 - name: set ip for bridge
@@ -115,7 +115,6 @@
    802-11-wireless-security.group ccmp \
    802-11-wireless-security.pairwise ccmp \
    802-11-wireless-security.psk {{ wifi_psk }} \
-    ipv4.method shared \

 - name: Run nmcli to activate wifi access point connection
  command: /usr/bin/nmcli c up {{ wifi_ssid }}
--- a/roles/configure/templates/dnsmasq.conf.j2
+++ b/roles/configure/templates/dnsmasq.conf.j2
@@ -1,7 +1,8 @@
 # MANAGED BY ANSIBLE DONT TOUCH BY HANDS #
-{% for interface in without_lte.stdout_lines %}
-interface={{ interface }}
-{% endfor %}
+# {% for interface in without_lte.stdout_lines %}
+# interface={{ interface }}
+# {% endfor %}
+interface=br0
 {% for nameserver in nameservers %}
 server={{ nameserver }}
 {% endfor %}