2 files changed, 15 insertions, 0 deletions

diff --git a/inventory/host_vars/sk-2019vm.yml b/inventory/host_vars/sk-2019vm.yml
index 252685f2..bea257aa 100644
--- a/inventory/host_vars/sk-2019vm.yml
+++ b/inventory/host_vars/sk-2019vm.yml
@@ -20,6 +20,10 @@ vm_host:
     offsets:
       sk-testvm: 253
     nat: yes
+    # public:
+    #   prefix: 1.2.3.0/29
+    #   mappings:
+    #     sk-testvm: [ 0 ]
 
 
 ssh_keys_root: "{{ ssh_keys.equinox[env_group] + ssh_keys.dan }}"
diff --git a/roles/vm/host/tasks/network.yml b/roles/vm/host/tasks/network.yml
index 343a1b00..a6eb7333 100644
--- a/roles/vm/host/tasks/network.yml
+++ b/roles/vm/host/tasks/network.yml
@@ -21,6 +21,17 @@
         up echo 1 > /proc/sys/net/ipv4/conf/$IFACE/forwarding
         up echo 1 > /proc/sys/net/ipv4/conf/{{ ansible_default_ipv4.interface }}/forwarding
         up /usr/sbin/iptables -t nat -A POSTROUTING -o {{ ansible_default_ipv4.interface }} -s {{ vm_host.network.prefix | ipaddr('network/prefix') }} -j SNAT --to {{ ansible_default_ipv4.address }}
+      {% endif %}
+      {% if 'public' in vm_host.network %}
+      {%   for dest in vm_host.network.public.mappings %}
+      {%     for idx in vm_host.network.public.mappings[dest] %}
+        up /usr/sbin/ip route add {{ (vm_host.network.public.prefix | ipaddr(idx)).split('/')[0] }}/32 via {{ (vm_host.network.prefix | ipaddr(vm_host.network.offsets[dest])).split('/')[0] }}  # {{ dest }}
+      {%     endfor %}
+      {%   endfor %}
+        up /usr/sbin/ip route add unreachable {{ vm_host.network.public.prefix }}
+        down /usr/sbin/ip route del {{ vm_host.network.public.prefix }}
+      {% endif %}
+      {% if 'nat' in vm_host.network and vm_host.network.nat %}
         down /usr/sbin/iptables -t nat -D POSTROUTING -o {{ ansible_default_ipv4.interface }} -s {{ vm_host.network.prefix | ipaddr('network/prefix') }} -j SNAT --to {{ ansible_default_ipv4.address }}
       {% endif %}
   register: vmhost_interface_config