add upstream.port-forwarding
This commit is contained in:
parent
2a1b30253c
commit
a9142187f2
|
@ -4,3 +4,8 @@ upstream:
|
||||||
up-bandwidth: 6200
|
up-bandwidth: 6200
|
||||||
flow-keys: nfct-src
|
flow-keys: nfct-src
|
||||||
flows: 2048
|
flows: 2048
|
||||||
|
|
||||||
|
port-forwarding:
|
||||||
|
- proto: udp
|
||||||
|
port: 1194
|
||||||
|
to: 172.20.74.9:1194
|
||||||
|
|
|
@ -28,6 +28,7 @@ base:
|
||||||
'upstream2':
|
'upstream2':
|
||||||
- upstream.6slac
|
- upstream.6slac
|
||||||
- upstream.nat66
|
- upstream.nat66
|
||||||
|
- upstream.port-forwarding
|
||||||
'anon*':
|
'anon*':
|
||||||
- no-ssh
|
- no-ssh
|
||||||
- forwarding
|
- forwarding
|
||||||
|
|
|
@ -0,0 +1,7 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
if [ "$IFACE" = "{{ interface }}" ]; then
|
||||||
|
{%- for fwd in ports %}
|
||||||
|
iptables -t nat -A PREROUTING -i {{ interface }} -p {{ fwd.proto }} --dport {{ fwd.port }} -j DNAT --to-destination {{ fwd.to }}
|
||||||
|
{%- endfor %}
|
||||||
|
fi
|
|
@ -0,0 +1,13 @@
|
||||||
|
{%- set interface = pillar['upstream']['interface'] %}
|
||||||
|
{%- set ports = pillar['port-forwarding'] %}
|
||||||
|
|
||||||
|
/etc/network/if-up.d/port-forwarding:
|
||||||
|
file.managed:
|
||||||
|
- source: salt://upstream/port-forwarding
|
||||||
|
- template: 'jinja'
|
||||||
|
- context:
|
||||||
|
interface: {{ interface }}
|
||||||
|
ports: {{ ports }}
|
||||||
|
- mode: 755
|
||||||
|
- require:
|
||||||
|
- pkg: iptables
|
Loading…
Reference in New Issue