From 99ce768a7d6fe9e828caf932554c4e095c1d00b2 Mon Sep 17 00:00:00 2001
From: Trygve Laugstøl
Date: Fri, 11 Jan 2019 07:45:58 +0100
Subject: lxc-host: Moving to its own playbook. Adding arius-test1. Only configuring ipv4/6 forwarding for the created interface. Adding configurable ipv6 address too. wireguard: Tagging old nets with never. nftables: Trying out portforwarding on arius.
---
ansible/host_vars/arius/lxc.yml | 4 ++++
ansible/host_vars/arius/nftables.yml | 23 +++++++++++++++++++++++
2 files changed, 27 insertions(+)
create mode 100644 ansible/host_vars/arius/lxc.yml
(limited to 'ansible/host_vars/arius')
diff --git a/ansible/host_vars/arius/lxc.yml b/ansible/host_vars/arius/lxc.yml
new file mode 100644
index 0000000..5eea54d
--- /dev/null
+++ b/ansible/host_vars/arius/lxc.yml
@@ -0,0 +1,4 @@
+lxc_host__containers:
+ test1:
+ state: started
+ host_database: arius-test1
diff --git a/ansible/host_vars/arius/nftables.yml b/ansible/host_vars/arius/nftables.yml
index 6f4f167..8a276ff 100644
--- a/ansible/host_vars/arius/nftables.yml
+++ b/ansible/host_vars/arius/nftables.yml
@@ -43,3 +43,26 @@ nftables_tables:
 - position: 1
 statement: ""
 # statement: "ip daddr 192.0.2.100 counter"
+
+ - name: nat
+ family: ip
+ chains:
+ - name: "prerouting"
+ base:
+ type: "nat"
+ hook: "prerouting"
+ priority: 0
+ rules:
+# - position: 1
+# statement: "iif wlp1s0 tcp dport { 2222 } dnat 192.168.10.176:22"
+ - position: 1
+ statement: ""
+
+ - name: "postrouting"
+ base:
+ type: "nat"
+ hook: "postrouting"
+ priority: 100
+ rules:
+ - position: 1
+ statement: "masquerade random,persistent"
--
cgit v1.2.3
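Review bot: The postrouting rule `masquerade random,persistent` in the new `nat` table of nftables.yml has no interface or source match, so as far as this hunk shows it rewrites the source address of every IPv4 packet leaving the host on any interface, not only container traffic heading out the uplink. That hides the originating container address from logs and ACLs on other internal segments or tunnels, which is broader than the "only for the created interface" intent in the commit message. Scoping it to the egress interface would limit this, e.g. `statement: "oifname wlp1s0 masquerade random,persistent"`, taking `wlp1s0` from the commented prerouting rule; an added `ip saddr <container-subnet>` match would narrow it further. If the commented DNAT to `192.168.10.176:22` is ever enabled, it will need a matching forward-chain accept and preferably a source restriction, and the prerouting chain's `priority: 0` differs from the conventional dstnat priority of -100. The `nftables_tables` mapping begins outside this hunk, so existing filter rules that might already constrain this traffic are not visible here.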