add upstream.port-forwarding

2016-12-16 00:12:46 +01:00 · 2016-12-16 00:12:46 +01:00 · a9142187f2
parent 2a1b30253c
commit a9142187f2
4 changed files with 26 additions and 0 deletions
--- a/salt-pillar/upstream/upstream2.sls
+++ b/salt-pillar/upstream/upstream2.sls
@ -4,3 +4,8 @@ upstream:
  up-bandwidth: 6200
  flow-keys: nfct-src
  flows: 2048
+
+port-forwarding:
+  - proto: udp
+    port: 1194
+    to: 172.20.74.9:1194
--- a/salt/top.sls
+++ b/salt/top.sls
@ -28,6 +28,7 @@ base:
  'upstream2':
    - upstream.6slac
    - upstream.nat66
+    - upstream.port-forwarding
  'anon*':
    - no-ssh
    - forwarding
--- a/salt/upstream/port-forwarding
+++ b/salt/upstream/port-forwarding
@ -0,0 +1,7 @@
+#!/bin/sh
+
+if [ "$IFACE" = "{{ interface }}" ]; then
+{%- for fwd in ports %}
+   iptables -t nat -A PREROUTING -i {{ interface }} -p {{ fwd.proto }} --dport {{ fwd.port }} -j DNAT --to-destination {{ fwd.to }}
+{%- endfor %}
+fi
--- a/salt/upstream/port-forwarding.sls
+++ b/salt/upstream/port-forwarding.sls
@ -0,0 +1,13 @@
+{%- set interface = pillar['upstream']['interface'] %}
+{%- set ports = pillar['port-forwarding'] %}
+
+/etc/network/if-up.d/port-forwarding:
+  file.managed:
+    - source: salt://upstream/port-forwarding
+    - template: 'jinja'
+    - context:
+        interface: {{ interface }}
+        ports: {{ ports }}
+    - mode: 755
+    - require:
+        - pkg: iptables