Closed drupaladmin closed 6 years ago
I guess at the moment dmz template supports only 1:1 mapping of public/private ports. I'll try to add custom ports soon. Thanks for the heads up. :-)
I can try to help you with this task.
What do you think about adding items to array "ports" containing: public_port: private_port:
If private_port is not defined we use only public_port.
I tried to add support with exactly the same parameters you are talking about, but I couldn't get the forwarding working just right and I have to work on some other thing at the moment. If you need this right now, I suggest that you could use custom template and write iptables commands directly as a post hook for some quick setup.
Current dmz template is geared towards forwarding all traffic to another host transparently; perhaps a separate template to forward ports around to a local or remote host would be better suited for this.
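The iptables post-hook approach suggested above, sketched for the public_ip:40001 to private_ip:30022 case asked about in this thread. This is an added example, not code from the thread or from the role it discusses; the function names, argument order and sample addresses are assumptions.

```shell
#!/bin/sh
# Added example: prints (does not run) the iptables commands for one forward.
# Function names and argument order are assumptions of this sketch.

valid_port() {  # succeeds for an integer in 1..65535
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_ipv4() {  # succeeds for a dotted quad with octets 0..255
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# dmz_forward PROTO PUBLIC_IP PUBLIC_PORT PRIVATE_IP [PRIVATE_PORT]
# PRIVATE_PORT defaults to PUBLIC_PORT, i.e. the 1:1 mapping.
dmz_forward() {
    proto=$1; pub_ip=$2; pub_port=$3; priv_ip=$4; priv_port=${5:-$3}
    case "$proto" in
        tcp|udp) ;;
        *) echo "unsupported protocol: $proto" >&2; return 2 ;;
    esac
    if ! valid_ipv4 "$pub_ip" || ! valid_ipv4 "$priv_ip"; then
        echo "invalid IPv4 address" >&2; return 2
    fi
    if ! valid_port "$pub_port" || ! valid_port "$priv_port"; then
        echo "invalid port" >&2; return 2
    fi
    case "$priv_ip" in
        127.*)
            # A packet DNATed to loopback in PREROUTING is dropped as a
            # martian unless route_localnet is enabled on the ingress interface.
            echo "refusing DNAT to loopback address $priv_ip" >&2; return 3 ;;
    esac
    # nat/PREROUTING sees the packet as sent: public address, public port.
    echo "iptables -t nat -A PREROUTING -p $proto -d $pub_ip --dport $pub_port" \
         "-j DNAT --to-destination $priv_ip:$priv_port"
    # filter/FORWARD runs after DNAT: match the private address and port.
    echo "iptables -A FORWARD -p $proto -d $priv_ip --dport $priv_port -j ACCEPT"
}

# Constructed sample values, using the ports from the question in this thread.
dmz_forward tcp 203.0.113.10 40001 10.0.0.20 30022
```

The function only prints the commands, so the output can be reviewed before it is placed in a hook; inputs are validated because they end up on a root command line.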
I guess this issue should be resolved with the recent commit, see #85. Now you should be able to define e.g.:
ferm__host_rules:
  - type: 'dmz'
    name: 'my-forward'
    public_ip: <your-public-address>
    private_ip: <your-private-address>
    protocol: 'tcp'
    port: [ 40001 ]
    dport: 30022
trying this:
ferm__host_rules:
  - name: 'fwd_https_to_java'
    type: 'dmz'
    private_ip: '127.0.0.1'
    public_ip: '{{ ansible_eth0.ipv4.address }}'
    protocol: 'tcp'
    port: '80'
    dport: '9000'
Generated conf on target host:
domain (ip ip6) {
    @def $PUBLIC_IP = ( @ipfilter( (192.168.111.218) ) );
    @def $PRIVATE_IP = ( @ipfilter( (127.0.0.1) ) );
    @if @ne($PUBLIC_IP,"") @if @ne($PRIVATE_IP,"") {
        table filter chain FORWARD {
            protocol (tcp) {
                dport (80) {
                    destination $PRIVATE_IP ACCEPT;
                }
            }
        }
        table nat {
            chain PREROUTING {
                protocol (tcp) {
                    dport (80) {
                        destination $PUBLIC_IP DNAT to @cat($PRIVATE_IP, ":9000");
                    }
                }
            }
            chain POSTROUTING {
                source $PRIVATE_IP SNAT to $PUBLIC_IP;
            }
        }
    }
}
ferm fails with:
(
$ PRIVATE_IP , ":9000"
)
<--
String expected
failed!
I get the same error as @stefangweichinger
Hmm, I think I forgot about that issue at the time, sorry - but it was my birthday after all... Anyway, I'll try to debug this soon, thanks for the heads up.
am getting same error https://github.com/debops/ansible-ifupdown/issues/73
Hi!
Please tell me how to forward port public_ip:40001 to private_ip:30022 in DMZ?