From 98a69736c0bbdbfdb15e181dfeac161f8214e4ff Mon Sep 17 00:00:00 2001 From: Aleksandr Malyavin Date: Tue, 3 Sep 2024 20:22:50 +0300 Subject: [PATCH] ff --- roles/configure/tasks/iptables.yaml | 19 ++---------------- roles/configure/tasks/main.yaml | 31 ++++++++--------------------- 2 files changed, 10 insertions(+), 40 deletions(-) diff --git a/roles/configure/tasks/iptables.yaml b/roles/configure/tasks/iptables.yaml index 9517394..4be9837 100644 --- a/roles/configure/tasks/iptables.yaml +++ b/roles/configure/tasks/iptables.yaml @@ -132,10 +132,11 @@ - name: Allow TCP MSS clamping command: iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu + - name: Allow traffic from {{ wifi_int.stdout }} to {{ lte_int.stdout }} iptables: chain: FORWARD - in_interface: "br0" + in_interface: "{{ wifi_int.stdout }}" out_interface: "{{ lte_int.stdout }}" jump: ACCEPT action: insert @@ -148,21 +149,5 @@ table: nat out_interface: "{{ lte_int.stdout }}" -# - name: Allow traffic from {{ wifi_int.stdout }} to {{ lte_int.stdout }} -# iptables: -# chain: FORWARD -# in_interface: "{{ wifi_int.stdout }}" -# out_interface: "{{ lte_int.stdout }}" -# jump: ACCEPT -# action: insert -# rule_num: 3 - -# - name: Enable masquerading for {{ lte_int.stdout }} -# iptables: -# chain: POSTROUTING -# jump: MASQUERADE -# table: nat -# out_interface: "{{ lte_int.stdout }}" - - name: Save iptables rules command: iptables-save -f /etc/iptables/iptables.rules \ No newline at end of file diff --git a/roles/configure/tasks/main.yaml b/roles/configure/tasks/main.yaml index ba9c4eb..ae99aaa 100644 --- a/roles/configure/tasks/main.yaml +++ b/roles/configure/tasks/main.yaml 
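Review bot: In roles/configure/tasks/iptables.yaml (hunk at -132), the FORWARD ACCEPT rule now takes `in_interface` from `{{ wifi_int.stdout }}`, the raw output of a registered command, and nothing visible in the hunk validates that value before it becomes part of the firewall policy. If the detection command prints nothing or more than one name, the rule either fails or is built for an interface nobody intended; the registering task is outside this hunk, so this may already be handled there. I would add a guard ahead of the rule, e.g. an `assert` task with `that: wifi_int.stdout is match('^[A-Za-z0-9_.-]+$')`, and the same check for `lte_int.stdout`. The task body continues past the end of the hunk.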
@@ -80,33 +80,15 @@ set_fact: nmcli_failed: "{{ nmcli_result.rc != 0 }}" -# - name: Run nmcli to add a connection with the specified parameters as a wifi access point if above check has failed -# command: /usr/bin/nmcli c add autoconnect yes save yes con-name {{ wifi_ssid }} ifname {{ wifi_int.stdout }} type wifi ssid {{ wifi_ssid }} mode ap ip4 {{ wifi_int_ip }} -# when: nmcli_failed - name: Run nmcli to add a connection with the specified parameters as a wifi access point if above check has failed - command: /usr/bin/nmcli c add autoconnect yes save yes con-name {{ wifi_ssid }} ifname {{ wifi_int.stdout }} type wifi ssid {{ wifi_ssid }} mode ap + command: /usr/bin/nmcli c add autoconnect yes save yes con-name {{ wifi_ssid }} ifname {{ wifi_int.stdout }} type wifi ssid {{ wifi_ssid }} mode ap ip4 {{ wifi_int_ip }} + when: nmcli_failed +- name: Configure physical interface + command: /usr/bin/nmcli c add autoconnect yes save yes con-name eth1 ifname enp90s0 type ethernet ipv4.method manual ipv4.address 10.1.10.2 + when: nmcli_failed - name: Run nmcli to add a connection LTE command: /usr/bin/nmcli c add autoconnect yes save yes con-name {{ LTE_con_name }} ifname cdc-wdm0 type gsm apn "internet" - tags: br -- name: Configure bridge - command: /usr/bin/nmcli c add type bridge ifname br0 autoconnect yes save yes con-name bridge - tags: br -- name: Configure bridge1 - command: /usr/bin/nmcli c add type bridge-slave ifname {{ int_name }} master br0 - loop: - - wlp88s0 - - enp90s0 - loop_control: - loop_var: int_name - tags: br -- name: set ip for bridge - command: /usr/bin/nmcli c mod bridge ipv4.addr {{ wifi_int_ip }}/24 ipv4.method static - tags: br - -- name: set ip for bridge - command: /usr/bin/nmcli c up bridge - tags: br - name: Run nmcli to add WPA-PSK security to the wifi connection command: /usr/bin/nmcli c mod {{ wifi_ssid }} \ 
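Review bot: The new "Configure physical interface" task is gated on `nmcli_failed`, which the context lines derive from `nmcli_result.rc`. The neighbouring task name suggests that check is for the wifi access-point profile, so the `eth1` profile would be created only when the wifi profile is missing (the check itself is outside the hunk, so this is inferred). The task also hard-codes `enp90s0` and `10.1.10.2` and leaves the prefix length to nmcli's default, where the removed bridge task wrote `/24` explicitly; I would move both to role variables and spell the prefix out, e.g. `ipv4.addresses {{ eth_int_ip }}/24`, with `eth_int_ip` as a placeholder name for a new variable. Separately, the re-enabled wifi line interpolates `{{ wifi_ssid }}` unquoted into a `command:` string, so an SSID containing whitespace is split into extra nmcli arguments; `{{ wifi_ssid | quote }}` or the `argv:` list form avoids that.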
@@ -117,6 +99,9 @@ 802-11-wireless-security.group ccmp \ 802-11-wireless-security.pairwise ccmp \ 802-11-wireless-security.psk {{ wifi_psk }} \ + ipv4.method shared \ + ipv4.addr {{ wifi_int_ip }}/24 + - name: Run nmcli to activate wifi access point connection command: /usr/bin/nmcli c up {{ wifi_ssid }}
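Review bot: Adding `ipv4.method shared` to the access-point profile hands part of the gateway's packet filtering to NetworkManager. In shared mode it starts its own DHCP/DNS service and installs its own masquerade and forwarding rules when the connection comes up, alongside the FORWARD and POSTROUTING rules that iptables.yaml manages. The effective ruleset then depends on activation order, and the `iptables-save` step in iptables.yaml may persist NetworkManager's transient rules if it runs after `nmcli c up`. I would add a comment on this task saying which component owns NAT for the wifi subnet, e.g. `# NAT/DHCP for the AP subnet come from NM shared mode; iptables.yaml only restricts forwarding`, or keep a manual method if the role's rules are meant to be authoritative. The same command passes `{{ wifi_psk }}` as an argument, so the task should carry `no_log: true`; the task starts above this hunk.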