Add bidirectional forward permissions and allow ipv4 forwards in the kernel

Alex 2020-05-31 12:00:52 +02:00
parent b92cd5294b
commit 0cd36bf935
Signed by: caskd
GPG Key ID: F92BA85F61F4C173
2 changed files with 9 additions and 2 deletions


@ -11,3 +11,10 @@
- config
- wireguard
- vault
- name: Enable forwarding in sysctl
loop:
- { name: "net.ipv4.ip_forward", value: "1" }
sysctl:
name: "{{ item.name }}"
value: "{{ item.value }}"
sysctl_set: yes
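Review bot: The added task enables only `net.ipv4.ip_forward`, while the WireGuard template changed in this same commit also installs ip6tables FORWARD and MASQUERADE rules. Unless IPv6 forwarding is enabled somewhere outside this diff, v6 traffic from peers will not be routed. A second loop item would cover it: `- { name: "net.ipv6.conf.all.forwarding", value: "1" }`. Because this sysctl makes the host route between all of its interfaces, a comment above the task would also help, for example `# Needed so WireGuard peers can reach other networks; what gets routed is limited only by the FORWARD chain rules`.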


@ -1,7 +1,7 @@
[Interface]
Address = {{ wireguard.net.v4.addr }}.1/{{ wireguard.net.v4.range.serv }}, {{ wireguard.net.v6.addr }}:1/{{ wireguard.net.v6.range.serv }}
PostUp = iptables -A FORWARD -i {{ wireguard.interface }} -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; ip6tables -A FORWARD -i {{ wireguard.interface }} -j ACCEPT; ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i {{ wireguard.interface }} -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; ip6tables -D FORWARD -i {{ wireguard.interface }} -j ACCEPT; ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
PostUp = iptables -A FORWARD -i {{ wireguard.interface }} -j ACCEPT; iptables -A FORWARD -o {{ wireguard.interface }} -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; ip6tables -A FORWARD -o {{ wireguard.interface }} -j ACCEPT; ip6tables -A FORWARD -i {{ wireguard.interface }} -j ACCEPT; ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -o {{ wireguard.interface }} -j ACCEPT; iptables -D FORWARD -i {{ wireguard.interface }} -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; ip6tables -D FORWARD -o {{ wireguard.interface }} -j ACCEPT; ip6tables -D FORWARD -i {{ wireguard.interface }} -j ACCEPT; ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
ListenPort = {{ wireguard.port }}
PrivateKey = {{ vault_wireguard.privkey }}
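Review bot: The new `-A FORWARD -o {{ wireguard.interface }} -j ACCEPT` rules in PostUp accept every packet routed towards the tunnel, not just replies to flows that peers opened. With forwarding now enabled in the kernel, connections arriving on eth0 can be forwarded to peers unfiltered, which matters most on the IPv6 side if peer addresses are globally routable. If only return traffic is intended, restrict the rule by connection state: `iptables -A FORWARD -o {{ wireguard.interface }} -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT`, with the same change for ip6tables and the matching `-D` lines in PostDown. The hunk header counts one more context line than is visible here, so the template may continue past this point.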