From a9142187f22115a4d1ca8c38323473df89a79f16 Mon Sep 17 00:00:00 2001
From: Astro
Date: Fri, 16 Dec 2016 00:12:46 +0100
Subject: [PATCH] add upstream.port-forwarding
---
 salt-pillar/upstream/upstream2.sls | 5 +++++
 salt/top.sls | 1 +
 salt/upstream/port-forwarding | 7 +++++++
 salt/upstream/port-forwarding.sls | 13 +++++++++++++
 4 files changed, 26 insertions(+)
 create mode 100644 salt/upstream/port-forwarding
 create mode 100644 salt/upstream/port-forwarding.sls
diff --git a/salt-pillar/upstream/upstream2.sls b/salt-pillar/upstream/upstream2.sls
index 96ef784..211754e 100644
--- a/salt-pillar/upstream/upstream2.sls
+++ b/salt-pillar/upstream/upstream2.sls
@@ -4,3 +4,8 @@ upstream:
 up-bandwidth: 6200
 flow-keys: nfct-src
 flows: 2048
+
+port-forwarding:
+ - proto: udp
+ port: 1194
+ to: 172.20.74.9:1194
diff --git a/salt/top.sls b/salt/top.sls
index ffaf307..9e9805a 100644
--- a/salt/top.sls
+++ b/salt/top.sls
@@ -28,6 +28,7 @@ base:
 'upstream2':
 - upstream.6slac
 - upstream.nat66
+ - upstream.port-forwarding
 'anon*':
 - no-ssh
 - forwarding
diff --git a/salt/upstream/port-forwarding b/salt/upstream/port-forwarding
new file mode 100644
index 000000000..bd9577f
--- /dev/null
+++ b/salt/upstream/port-forwarding
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+if [ "$IFACE" = "{{ interface }}" ]; then
+{%- for fwd in ports %}
+ iptables -t nat -A PREROUTING -i {{ interface }} -p {{ fwd.proto }} --dport {{ fwd.port }} -j DNAT --to-destination {{ fwd.to }}
+{%- endfor %}
+fi
diff --git a/salt/upstream/port-forwarding.sls b/salt/upstream/port-forwarding.sls
new file mode 100644
index 000000000..5abc6c5
--- /dev/null
+++ b/salt/upstream/port-forwarding.sls
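Review bot: The `iptables -t nat -A PREROUTING …` line inside the `for fwd in ports` loop of salt/upstream/port-forwarding appends unconditionally, so each time the interface comes up again another copy of every DNAT rule is added, and no if-down hook removes them. Checking first keeps the hook idempotent: `iptables -t nat -C PREROUTING -i {{ interface }} -p {{ fwd.proto }} --dport {{ fwd.port }} -j DNAT --to-destination {{ fwd.to }} 2>/dev/null || iptables -t nat -A PREROUTING …` (same arguments). The rule matches any source address on that interface and the script adds nothing to the filter table, so how far the internal target is exposed depends on a FORWARD policy this patch does not show; a comment such as `# DNAT only; FORWARD filtering for these targets is handled in <state name>` would make that dependency auditable. The pillar values are pasted into the script unquoted, which is acceptable only while pillar data stays operator-controlled.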
@@ -0,0 +1,13 @@
+{%- set interface = pillar['upstream']['interface'] %}
+{%- set ports = pillar['port-forwarding'] %}
+
+/etc/network/if-up.d/port-forwarding:
+ file.managed:
+ - source: salt://upstream/port-forwarding
+ - template: 'jinja'
+ - context:
+ interface: {{ interface }}
+ ports: {{ ports }}
+ - mode: 755
+ - require:
+ - pkg: iptables
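Review bot: In salt/upstream/port-forwarding.sls, `ports: {{ ports }}` writes the Python repr of the pillar list into the state file, which parses back correctly only while that repr happens to be valid YAML flow syntax; Salt's serializer filter makes the hand-off explicit: `ports: {{ ports | json }}`. `pillar['port-forwarding']` also aborts rendering if a minion is ever assigned this state without that pillar key, so `salt['pillar.get']('port-forwarding', [])` would degrade to an empty rule set instead. The `require: - pkg: iptables` assumes a pkg state with that ID is defined elsewhere, which this patch does not show. A short comment at the top of the file saying that every entry here opens a path from the upstream interface to an internal address would help whoever audits the pillar later.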