Firewall configuration without MASQUERADE
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
parent
bbac76023c
commit
a82edc3e24
2 changed files with 24 additions and 13 deletions
|
@ -57,24 +57,29 @@ nat = [
|
||||||
},
|
},
|
||||||
'ip_sources' : '10.{{ subnet_ids.users_wired }}.0.0/16',
|
'ip_sources' : '10.{{ subnet_ids.users_wired }}.0.0/16',
|
||||||
'extra_nat' : {
|
'extra_nat' : {
|
||||||
|
'ens19': {
|
||||||
'10.129.{{ apartment_block_id }}.{{ '1' if "backup" in inventory_hostname else '2' }}40' : '45.66.108.25{{
|
'10.129.{{ apartment_block_id }}.{{ '1' if "backup" in inventory_hostname else '2' }}40' : '45.66.108.25{{
|
||||||
apartment_block_id }}',
|
apartment_block_id }}',
|
||||||
'10.129.{{ apartment_block_id }}.254' : '45.66.108.25{{ apartment_block_id }}'
|
'10.129.{{ apartment_block_id }}.254' : '45.66.108.25{{ apartment_block_id }}',
|
||||||
|
},
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
'name': 'Accueil',
|
'name': 'Accueil',
|
||||||
'ip_sources': '10.{{ subnet_ids.users_accueil }}.0.0/16',
|
'ip_sources': '10.{{ subnet_ids.users_accueil }}.0.0/16',
|
||||||
'extra_nat': {
|
'extra_nat': {
|
||||||
'10.{{ subnet_ids.users_accueil }}.1.0/24': '45.66.108.25{{
|
'ens19': {
|
||||||
apartment_block_id }}',
|
'10.{{ subnet_ids.users_accueil }}.1.0/24': '45.66.108.25{{ apartment_block_id }}',
|
||||||
'10.{{ subnet_ids.users_accueil }}.2.0/24': '45.66.108.25{{ apartment_block_id }}'
|
'10.{{ subnet_ids.users_accueil }}.2.0/24': '45.66.108.25{{ apartment_block_id }}',
|
||||||
|
},
|
||||||
|
'ens23' : {
|
||||||
|
'10.{{ subnet_ids.users_accueil }}.1.0/24': '10.{{ subnet_ids.users_accueil }}.0.240',
|
||||||
|
'10.{{ subnet_ids.users_accueil }}.2.0/24': '10.{{ subnet_ids.users_accueil }}.0.240',
|
||||||
|
},
|
||||||
|
},
|
||||||
|
'extra_nat_group': {
|
||||||
|
'ens19': 'accueil_ens23_allowed',
|
||||||
},
|
},
|
||||||
'extra_nat_group': 'accueil_ens23_allowed',
|
|
||||||
'masquerade': [
|
|
||||||
'10.{{ subnet_ids.users_accueil }}.1.0/24',
|
|
||||||
'10.{{ subnet_ids.users_accueil }}.2.0/24',
|
|
||||||
]
|
|
||||||
},
|
},
|
||||||
]
|
]
|
||||||
|
|
||||||
|
|
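Review bot: With the `masquerade` list gone from the `Accueil` entry, the two /24 sources appear to be translated only by the explicit `ens19` and `ens23` maps, so correct NAT now depends on those being the only interfaces this traffic can use. The template that consumes `nat` is not on this page, so whether untranslated packets from these ranges are dropped elsewhere should be confirmed. Unlike MASQUERADE, a fixed SNAT target has to be an address the router actually holds, so `10.{{ subnet_ids.users_accueil }}.0.240` on `ens23` is worth checking on every host this template renders for, including those matched by `"backup" in inventory_hostname`. The group `accueil_ens23_allowed` is now keyed under `ens19` in `extra_nat_group`; if that is intended, a comment such as `# group is named after ens23 but its rule is applied on ens19 (intentional)` would stop it being read as a typo.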
|
@ -41,9 +41,15 @@ nat = [
|
||||||
{
|
{
|
||||||
'name' : 'AdminVlans',
|
'name' : 'AdminVlans',
|
||||||
'extra_nat' : {
|
'extra_nat' : {
|
||||||
|
'ens18': {
|
||||||
'10.129.0.254/32' : '45.66.111.{{ router_hard_ip_suffix }}',
|
'10.129.0.254/32' : '45.66.111.{{ router_hard_ip_suffix }}',
|
||||||
|
},
|
||||||
|
'ens19': {
|
||||||
'10.128.0.0/16' : '45.66.111.{{ router_hard_ip_suffix }}',
|
'10.128.0.0/16' : '45.66.111.{{ router_hard_ip_suffix }}',
|
||||||
'10.130.0.0/16' : '45.66.111.{{ router_hard_ip_suffix }}'
|
},
|
||||||
|
'ens20': {
|
||||||
|
'10.130.0.0/16' : '45.66.111.{{ router_hard_ip_suffix }}',
|
||||||
|
},
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
|
|
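Review bot: Nothing in the `AdminVlans` entry says whether the new `extra_nat` keys (`ens18`, `ens19`, `ens20`) name the ingress or the egress interface of each rule, and the schema has changed from `{source: address}` to `{interface: {source: address}}`. A comment above `nat = [`, which starts outside this hunk, would let a reader check that each admin range is bound to the intended interface, for example `# extra_nat: {interface: {source CIDR: SNAT address}}` with the direction spelled out. All three ranges still translate to `45.66.111.{{ router_hard_ip_suffix }}`, so the split seems only to restrict where each rule matches; confirm this against the consuming template, which is not visible here. The same comment would help in the other changed file, which uses the same structure.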