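#!/bin/sh
# DO NOT EDIT! MANAGED BY ANSIBLE
#
# Colo router NAT / forwarding setup. Appends rules for:
#   1. 1:1 NAT between four public addresses and their internal hosts
#   2. masquerading and forwarding of the internal subnets out of $ext
#   3. transparent redirect of internal TCP/80 to the local squid on 3129
#
# NOTE(review): every rule is added with -A and nothing is flushed here, so a
# second run leaves duplicate copies of each rule in place — TODO confirm the
# caller flushes the nat/filter tables first or only ever runs this once.
# Any failing command (including the modprobe) aborts the script via set -e,
# possibly leaving a partially applied rule set.

set -e

# external (upstream) interface
ext=em2
# internal subnets, space separated; split on whitespace on purpose below
subnets="10.10.0.0/16 10.100.0.0/16 10.20.0.0/16 10.30.0.0/16"
readonly ext subnets

# nat_public_ip PUBLIC_IP INTERNAL_IP
#   1:1 NAT: traffic addressed to PUBLIC_IP is DNATed to INTERNAL_IP and
#   traffic sourced from INTERNAL_IP is SNATed to PUBLIC_IP.
#   Neither rule is bound to an interface (no -i/-o), so the DNAT matches on
#   every ingress interface and the SNAT on every egress interface; this
#   mirrors the original rule set — TODO confirm an "$ext" restriction is not
#   wanted. No FORWARD rule for INTERNAL_IP is opened here; presumably the
#   FORWARD policy or rules elsewhere allow it — verify.
nat_public_ip() {
  iptables -t nat -A PREROUTING -d "$1" -j DNAT --to-destination "$2"
  iptables -t nat -A POSTROUTING -s "$2" -j SNAT --to "$1"
}

modprobe iptable_nat

# r1-a1
nat_public_ip 64.28.108.83 10.64.0.101
# r1-a2
nat_public_ip 64.28.108.84 10.64.0.102
# r1-a3
nat_public_ip 64.28.108.85 10.64.0.103
# r1-a21 (git-atx)
nat_public_ip 64.28.108.189 10.10.0.121

# shellcheck disable=SC2086 -- $subnets is a space-separated list by design
for subnet in $subnets; do
  # outbound: masquerade behind $ext and permit the forward
  iptables -t nat -A POSTROUTING -s "$subnet" -o "$ext" -j MASQUERADE
  iptables -A FORWARD -s "$subnet" -o "$ext" -j ACCEPT
  # inbound from $ext: only packets belonging to an existing connection
  iptables -A FORWARD -d "$subnet" -i "$ext" -m state --state RELATED,ESTABLISHED -j ACCEPT

  # transparent squid proxy: TCP/80 from the subnet is redirected to local 3129.
  # Not limited by ingress interface, so any port-80 traffic from the subnet
  # that crosses this router is redirected, not only upstream-bound traffic.
  iptables -t nat -A PREROUTING -s "$subnet" -p tcp --dport 80 -j REDIRECT --to 3129
done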