From 31e88617f11109078b44327b2abae8f9768e10f7 Mon Sep 17 00:00:00 2001
From: Christian Pointner <equinox@spreadspace.org>
Date: Wed, 24 Jun 2020 03:01:50 +0200
Subject: update ch-router and add ch-nic

---
 inventory/host_vars/ch-router.yml | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'inventory/host_vars/ch-router.yml')

diff --git a/inventory/host_vars/ch-router.yml b/inventory/host_vars/ch-router.yml
index 19622983..22864a59 100644
--- a/inventory/host_vars/ch-router.yml
+++ b/inventory/host_vars/ch-router.yml
@@ -1,6 +1,6 @@
 ---
 openwrt_variant: openwrt
-openwrt_release: 18.06.4
+openwrt_release: 19.07.3
 openwrt_arch: x86
 openwrt_target: 64
 openwrt_profile: Generic
@@ -153,6 +153,9 @@ openwrt_mixin:
         iptables -t nat -A PREROUTING -i "$MAGENTA_IF" -d "$MAGENTA_IPADDR" -p tcp --dport 2342 -j DNAT --to "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-jump']) | ipaddr('address') }}"
         iptables -A FORWARD -i "$MAGENTA_IF" -o "$SVC_IF" -d "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-jump']) | ipaddr('address') }}" -p tcp --dport 2342 -j ACCEPT
 
+        iptables -t nat -A PREROUTING -i "$MAGENTA_IF" -d "$MAGENTA_IPADDR" -p tcp --dport 53 -j DNAT --to "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-nic']) | ipaddr('address') }}"
+        iptables -A FORWARD -i "$MAGENTA_IF" -o "$SVC_IF" -d "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-nic']) | ipaddr('address') }}" -p tcp --dport 53 -j ACCEPT
+
         iptables -t nat -A PREROUTING -i "$MAGENTA_IF" -d "$MAGENTA_IPADDR" -p tcp --dport 80 -j DNAT --to "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-web']) | ipaddr('address') }}"
         iptables -t nat -A PREROUTING -i "$MAGENTA_IF" -d "$MAGENTA_IPADDR" -p tcp --dport 443 -j DNAT --to "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-web']) | ipaddr('address') }}"
         iptables -A FORWARD -i "$MAGENTA_IF" -o "$SVC_IF" -d "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-web']) | ipaddr('address') }}" -p tcp --dport 80 -j ACCEPT
@@ -303,7 +306,7 @@ openwrt_uci:
 
 virsh_domxml: |
   <domain type='kvm'>
-    <name>router</name>
+    <name>ch-router</name>
     <memory>131072</memory>
     <currentMemory>131072</currentMemory>
     <vcpu>2</vcpu>
-- 
cgit v1.2.3