-rw-r--r--chaos-at-home/ch-gw-lan.yml9
-rw-r--r--inventory/host_vars/ch-jump.yml11
-rw-r--r--inventory/hosts.ini4
3 files changed, 14 insertions, 10 deletions
diff --git a/chaos-at-home/ch-gw-lan.yml b/chaos-at-home/ch-gw-lan.yml
index 64e1c8b8..11d65b17 100644
--- a/chaos-at-home/ch-gw-lan.yml
+++ b/chaos-at-home/ch-gw-lan.yml
@@ -19,13 +19,20 @@
define public_ipv4 = {{ network_zones.magenta.prefix | ipaddr(network_zones.magenta.offsets['ch-router']) | ipaddr('address') }}
table ip nat {
- chain prerouting {
+ chain public-services-prerouting {
type nat hook prerouting priority -100; policy accept;
iif $nic_lan ip daddr $public_ipv4 tcp dport { 222 } dnat to {{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-router']) | ipaddr('address') }} comment "ssh-router"
{% for name, svc in network_services.items() %}
iif $nic_lan ip daddr $public_ipv4 tcp dport { {{ svc.ports | join(', ') }} } dnat to {{ svc.addr }} comment "{{ name }}"
{% endfor %}
}
+ chain public-services-output {
+ type nat hook output priority -100; policy accept;
+ ip daddr $public_ipv4 tcp dport { 222 } dnat to {{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-router']) | ipaddr('address') }} comment "ssh-router"
+ {% for name, svc in network_services.items() %}
+ ip daddr $public_ipv4 tcp dport { {{ svc.ports | join(', ') }} } dnat to {{ svc.addr }} comment "{{ name }}"
+ {% endfor %}
+ }
}
dest: /etc/nftables.d/public-services.nft
notify: reload nftables
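Review bot: The DNAT rules now exist twice, in `public-services-prerouting` and in `public-services-output`, differing only in the `iif $nic_lan` match. A later edit to one copy and not the other would leave LAN clients and the gateway itself with different forwarding for the same public address. At minimum I would add `# keep in sync with chain public-services-prerouting (same rules, no iif match)` above the output chain; generating both chains from one Jinja loop would remove the risk entirely. Separately, the rename away from `prerouting` only takes effect cleanly if the reload flushes the ruleset or this table, which is not visible here; otherwise the old chain could stay hooked with its previous rules. The task and the start of the template lie outside this hunk.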
diff --git a/inventory/host_vars/ch-jump.yml b/inventory/host_vars/ch-jump.yml
index ac74fbc5..8514d68c 100644
--- a/inventory/host_vars/ch-jump.yml
+++ b/inventory/host_vars/ch-jump.yml
@@ -3,16 +3,15 @@ install_jumphost: ch-gw-lan
install:
vm:
- memory: 768M
+ memory: 1G
numcpus: 2
autostart: True
disks:
primary: /dev/sda
scsi:
sda:
- type: lvm
- vg: "{{ hostvars[vm_host.name].host_name }}"
- lv: "{{ inventory_hostname }}"
+ type: zfs
+ name: root
size: 10g
interfaces:
- bridge: br-svc
@@ -41,8 +40,8 @@ network:
sshd_jump_users:
equinox:
authorized_keys: "{{ users.equinox.ssh }}"
- spel:
- authorized_keys: "{{ users.spel.ssh }}"
+# spel:
+# authorized_keys: "{{ users.spel.ssh }}"
# fim:
# authorized_keys:
# - ssh-rsa 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 fim@digl012
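Review bot: Commenting out `spel` under `sshd_jump_users` only withdraws access if the code consuming this variable also removes users and keys that are no longer listed. That code is not visible here, so on an already provisioned ch-jump the account and its `authorized_keys` may persist until the host is rebuilt. A commented-out entry also does not tell the next reader whether the removal is temporary or a revocation; I would record the reason next to it, e.g. `# spel: access withdrawn (<reason/date placeholder>), delete block once confirmed removed on host`. The commented `fim` block below it has the same ambiguity.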
diff --git a/inventory/hosts.ini b/inventory/hosts.ini
index 9d555778..d0ac5c09 100644
--- a/inventory/hosts.ini
+++ b/inventory/hosts.ini
@@ -332,7 +332,6 @@ ch-mimas
ch-mimas2
ch-gnocchi
ch-gw-lan
-ch-jump
s2-build
lw-master
sk-2019
@@ -348,7 +347,6 @@ ele-gwhetzner
## virtualization
[vmhost-ch-gnocchi-guests]
ch-router
-ch-jump
ch-gw-lan
ch-nic
[vmhost-ch-gnocchi]
@@ -361,7 +359,7 @@ ch-testvm-phoebe
ch-testvm-openwrt
#ch-router
ch-router-obsd
-#ch-jump
+ch-jump
#ch-gw-lan
#ch-nic
[vmhost-ch-phoebe]