| # Copyright 2020-present Open Networking Foundation |
| # |
| # Licensed under the Apache License, Version 2.0 (the "License"); |
| # you may not use this file except in compliance with the License. |
| # You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, software |
| # distributed under the License is distributed on an "AS IS" BASIS, |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| # See the License for the specific language governing permissions and |
| # limitations under the License. |
| |
| --- |
| - name: Create netplan config file for SGI and S1U gateway interfaces |
| template: |
| src: etc/netplan/sgi-s1u-gateway.yaml.j2 |
| dest: "{{ netplan_config_file }}" |
| notify: |
| - netplan generate |
| - netplan apply |
| tags: router |
| |
| - name: Install iptables-persistent |
| apt: |
| name: iptables-persistent |
| state: present |
| update_cache: yes |
| tags: router |
| |
| - name: Ensure ip_forward enabled |
| sysctl: |
| name: net.ipv4.ip_forward |
| value: '1' |
| sysctl_set: yes |
| state: present |
| tags: router |
| |
| - name: Set default forwarding policy to ACCEPT |
| iptables: |
| chain: FORWARD |
| policy: ACCEPT |
| tags: router |
| |
| - name: Add SNAT |
| iptables: |
| table: nat |
| chain: POSTROUTING |
| out_interface: "{{ ansible_default_ipv4.interface }}" |
| jump: MASQUERADE |
| tags: router |
| |
| - name: Save iptables v4 rules |
| shell: iptables-save > /etc/iptables/rules.v4 |
| changed_when: False |
| tags: router |