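#!/bin/sh
# DO NOT EDIT! MANAGED BY ANSIBLE
#
# Colo router NAT and forwarding rules, rendered by Ansible from
# roles/colo-router/templates/iptables.
#
# For every VLAN whose `masquerade` flag is unset or true, this script:
#   - source-NATs (MASQUERADE) the VLAN's traffic leaving the default IPv4 interface,
#   - allows forwarding from the VLAN out of that interface, and only
#     RELATED/ESTABLISHED traffic back in,
#   - redirects tcp/80 from the VLAN to the transparent proxy on local port 3129.
#
# All rules are appended (-A) after `manage_iptables.py sync`, so their position
# relative to whatever that tool installs is decided by it, not by this script.
# Any failing command (modprobe, sync, iptables) aborts the script via `set -e`.

set -e

# External (upstream) interface, taken from the host's default IPv4 route.
ext="{{ansible_default_ipv4.interface}}"

# One "network/prefix" per rendered line. Blank and indented lines left behind
# by the template tags are harmless: the loop below word-splits on whitespace.
# If no VLAN qualifies, the string is effectively empty and the loop does nothing.
subnets="
{% for vlan in vlans %}
  {% if vlan.masquerade is not defined or vlan.masquerade %}
{{ vlan.address | ipaddr('host/prefix') | ipaddr('network')}}/{{ vlan.address | ipaddr('host/prefix') | ipaddr('prefix')}}
  {% endif %}
{% endfor %}
"

# The nat table must be loadable before rules are added to it.
modprobe iptable_nat

# Baseline ruleset; presumably resets/installs the managed chains before the
# per-subnet rules below are appended — confirm against that script.
/usr/local/bin/manage_iptables.py sync

# $subnets is intentionally unquoted so it word-splits into one subnet per iteration.
# shellcheck disable=SC2086
for subnet in $subnets ; do
	# Source NAT for VLAN traffic leaving via the external interface.
	iptables -t nat -A POSTROUTING -s "$subnet" -o "$ext" -j MASQUERADE
	# Forward new connections out; allow only reply traffic back in.
	iptables -A FORWARD -s "$subnet" -o "$ext" -j ACCEPT
	iptables -A FORWARD -d "$subnet" -i "$ext" -m state --state RELATED,ESTABLISHED -j ACCEPT

	# enable squid transparent proxy
	# NOTE: no -i match here, so tcp/80 from the subnet is redirected
	# regardless of which interface it arrives on.
	iptables -t nat -A PREROUTING -s "$subnet" -p tcp --dport 80 -j REDIRECT --to 3129
done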