ff

roles/configure/tasks/iptables.yaml

@@ -132,11 +132,10 @@
 - name: Allow TCP MSS clamping
   command: iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
 
-
 - name: Allow traffic from {{ wifi_int.stdout }} to {{ lte_int.stdout }}
   iptables:
     chain: FORWARD
-    in_interface: "{{ wifi_int.stdout }}"
+    in_interface: "br0"
     out_interface: "{{ lte_int.stdout }}"
     jump: ACCEPT
     action: insert
@@ -149,5 +148,21 @@
     table: nat
     out_interface: "{{ lte_int.stdout }}"
 
+# - name: Allow traffic from {{ wifi_int.stdout }} to {{ lte_int.stdout }}
+#   iptables:
+#     chain: FORWARD
+#     in_interface: "{{ wifi_int.stdout }}"
+#     out_interface: "{{ lte_int.stdout }}"
+#     jump: ACCEPT
+#     action: insert
+#     rule_num: 3 
+
+# - name: Enable masquerading for {{ lte_int.stdout }}
+#   iptables:
+#     chain: POSTROUTING
+#     jump: MASQUERADE
+#     table: nat
+#     out_interface: "{{ lte_int.stdout }}"
+
 - name: Save iptables rules
   command: iptables-save -f /etc/iptables/iptables.rules

roles/configure/tasks/main.yaml

@@ -99,7 +99,7 @@
     loop_var: int_name
   tags: br
 - name: set ip for bridge
-  command: /usr/bin/nmcli c mod bridge ipv4.addr {{ wifi_int_ip }}/24 ipv4.method manual 
+  command: /usr/bin/nmcli c mod bridge ipv4.addr {{ wifi_int_ip }}/24 ipv4.method disabled 
   tags: br
 
 - name: set ip for bridge
@@ -115,7 +115,6 @@
     802-11-wireless-security.group ccmp \
     802-11-wireless-security.pairwise ccmp \
     802-11-wireless-security.psk {{ wifi_psk }} \
-    ipv4.method shared \
 
 - name: Run nmcli to activate wifi access point connection
   command: /usr/bin/nmcli c up {{ wifi_ssid }}