nuc7ear/nm
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

ff

Browse Source
This commit is contained in:
Aleksandr Malyavin
2024-09-03 20:02:24 +03:00
parent 8293817a3d
commit 77f2f04c61
3 changed files with 22 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
roles/configure/tasks/iptables.yaml
View File

@@ -132,11 +132,10 @@
- name: Allow TCP MSS clamping - name: Allow TCP MSS clamping
command: iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu command: iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
- name: Allow traffic from {{ wifi_int.stdout }} to {{ lte_int.stdout }} - name: Allow traffic from {{ wifi_int.stdout }} to {{ lte_int.stdout }}
iptables: iptables:
chain: FORWARD chain: FORWARD
in_interface: "{{ wifi_int.stdout }}" in_interface: "br0"
out_interface: "{{ lte_int.stdout }}" out_interface: "{{ lte_int.stdout }}"
jump: ACCEPT jump: ACCEPT
action: insert action: insert
@@ -149,5 +148,21 @@
table: nat table: nat
out_interface: "{{ lte_int.stdout }}" out_interface: "{{ lte_int.stdout }}"
# - name: Allow traffic from {{ wifi_int.stdout }} to {{ lte_int.stdout }}
# iptables:
# chain: FORWARD
# in_interface: "{{ wifi_int.stdout }}"
# out_interface: "{{ lte_int.stdout }}"
# jump: ACCEPT
# action: insert
# rule_num: 3
# - name: Enable masquerading for {{ lte_int.stdout }}
# iptables:
# chain: POSTROUTING
# jump: MASQUERADE
# table: nat
# out_interface: "{{ lte_int.stdout }}"
- name: Save iptables rules - name: Save iptables rules
command: iptables-save -f /etc/iptables/iptables.rules command: iptables-save -f /etc/iptables/iptables.rules

3
roles/configure/tasks/main.yaml
View File

@@ -99,7 +99,7 @@
loop_var: int_name loop_var: int_name
tags: br tags: br
- name: set ip for bridge - name: set ip for bridge
command: /usr/bin/nmcli c mod bridge ipv4.addr {{ wifi_int_ip }}/24 ipv4.method manual command: /usr/bin/nmcli c mod bridge ipv4.addr {{ wifi_int_ip }}/24 ipv4.method disabled
tags: br tags: br
- name: set ip for bridge - name: set ip for bridge
@@ -115,7 +115,6 @@
802-11-wireless-security.group ccmp \ 802-11-wireless-security.group ccmp \
802-11-wireless-security.pairwise ccmp \ 802-11-wireless-security.pairwise ccmp \
802-11-wireless-security.psk {{ wifi_psk }} \ 802-11-wireless-security.psk {{ wifi_psk }} \
ipv4.method shared \
- name: Run nmcli to activate wifi access point connection - name: Run nmcli to activate wifi access point connection
command: /usr/bin/nmcli c up {{ wifi_ssid }} command: /usr/bin/nmcli c up {{ wifi_ssid }}

7
roles/configure/templates/dnsmasq.conf.j2
View File

@@ -1,7 +1,8 @@
# MANAGED BY ANSIBLE DONT TOUCH BY HANDS # # MANAGED BY ANSIBLE DONT TOUCH BY HANDS #
{% for interface in without_lte.stdout_lines %} # {% for interface in without_lte.stdout_lines %}
interface={{ interface }} # interface={{ interface }}
{% endfor %} # {% endfor %}
interface=br0
{% for nameserver in nameservers %} {% for nameserver in nameservers %}
server={{ nameserver }} server={{ nameserver }}
{% endfor %} {% endfor %}