dstokes/out.log Secret

Created October 24, 2014 17:34
2014-10-24 17:22:31,199 [salt.state ][INFO ] Running state [iptables -I FORWARD -i tun0 -o eth0 -s /20 -d 10.30.0.0/16 -m conntrack --ctstate NEW -j ACCEPT] at time 17:22:31.199274
2014-10-24 17:22:31,200 [salt.state ][INFO ] Executing state cmd.run for iptables -I FORWARD -i tun0 -o eth0 -s /20 -d 10.30.0.0/16 -m conntrack --ctstate NEW -j ACCEPT
2014-10-24 17:22:31,200 [salt.loaded.int.module.cmdmod][INFO ] Executing command 'iptables -t nat -nL | grep MASQUERADE>/dev/null' in directory '/root'
2014-10-24 17:22:31,205 [salt.state ][INFO ] unless execution succeeded
2014-10-24 17:22:31,205 [salt.state ][INFO ] Completed state [iptables -I FORWARD -i tun0 -o eth0 -s /20 -d 10.30.0.0/16 -m conntrack --ctstate NEW -j ACCEPT] at time 17:22:31.205137
2014-10-24 17:22:31,205 [salt.state ][INFO ] Running state [sysctl -w net.ipv4.ip_forward=1] at time 17:22:31.205404
2014-10-24 17:22:31,206 [salt.state ][INFO ] Executing state cmd.run for sysctl -w net.ipv4.ip_forward=1
2014-10-24 17:22:31,206 [salt.loaded.int.module.cmdmod][INFO ] Executing command 'iptables -t nat -nL | grep MASQUERADE>/dev/null' in directory '/root'
2014-10-24 17:22:31,210 [salt.state ][INFO ] unless execution succeeded
2014-10-24 17:22:31,211 [salt.state ][INFO ] Completed state [sysctl -w net.ipv4.ip_forward=1] at time 17:22:31.210630
2014-10-24 17:22:31,211 [salt.state ][INFO ] Running state [iptables -I FORWARD -i tun0 -o eth0 -s /20 -m conntrack --ctstate NEW -j ACCEPT] at time 17:22:31.210940
2014-10-24 17:22:31,211 [salt.state ][INFO ] Executing state cmd.run for iptables -I FORWARD -i tun0 -o eth0 -s /20 -m conntrack --ctstate NEW -j ACCEPT
2014-10-24 17:22:31,212 [salt.loaded.int.module.cmdmod][INFO ] Executing command 'iptables -t nat -nL | grep MASQUERADE>/dev/null' in directory '/root'
2014-10-24 17:22:31,216 [salt.state ][INFO ] unless execution succeeded
2014-10-24 17:22:31,216 [salt.state ][INFO ] Completed state [iptables -I FORWARD -i tun0 -o eth0 -s /20 -m conntrack --ctstate NEW -j ACCEPT] at time 17:22:31.216354
2014-10-24 17:22:31,217 [salt.state ][INFO ] Running state [iptables -I FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT] at time 17:22:31.216607
2014-10-24 17:22:31,217 [salt.state ][INFO ] Executing state cmd.run for iptables -I FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
2014-10-24 17:22:31,217 [salt.loaded.int.module.cmdmod][INFO ] Executing command 'iptables -t nat -nL | grep MASQUERADE>/dev/null' in directory '/root'
2014-10-24 17:22:31,222 [salt.state ][INFO ] unless execution succeeded
2014-10-24 17:22:31,222 [salt.state ][INFO ] Completed state [iptables -I FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT] at time 17:22:31.222027
2014-10-24 17:22:31,222 [salt.state ][INFO ] Running state [iptables -I FORWARD -i eth0 -s 10.30.0.0/16 -m conntrack --ctstate NEW -j ACCEPT] at time 17:22:31.222276
2014-10-24 17:22:31,223 [salt.state ][INFO ] Executing state cmd.run for iptables -I FORWARD -i eth0 -s 10.30.0.0/16 -m conntrack --ctstate NEW -j ACCEPT
2014-10-24 17:22:31,223 [salt.loaded.int.module.cmdmod][INFO ] Executing command 'iptables -t nat -nL | grep MASQUERADE>/dev/null' in directory '/root'
2014-10-24 17:22:31,227 [salt.state ][INFO ] unless execution succeeded
2014-10-24 17:22:31,228 [salt.state ][INFO ] Completed state [iptables -I FORWARD -i eth0 -s 10.30.0.0/16 -m conntrack --ctstate NEW -j ACCEPT] at time 17:22:31.227673
configure_openvpn_NAT:
  cmd.run:
    - names:
      - echo net.ipv4.ip_forward=1 >> /etc/sysctl.conf
      - sysctl -w net.ipv4.ip_forward=1
      # Allow traffic initiated from VPN to access LAN
      - iptables -I FORWARD -i tun0 -o eth0 -s {{ pool }}/20 -d {{ subnet }}/16 -m conntrack --ctstate NEW -j ACCEPT
      # Allow traffic initiated from VPN to access "the world"
      - iptables -I FORWARD -i tun0 -o eth0 -s {{ pool }}/20 -m conntrack --ctstate NEW -j ACCEPT
      # Allow traffic initiated from LAN to access "the world"
      - iptables -I FORWARD -i eth0 -s {{ subnet }}/16 -m conntrack --ctstate NEW -j ACCEPT
      # Allow established traffic to pass back and forth
      - iptables -I FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
      # Masquerade traffic from VPN to "the world" -- done in the nat table
      - iptables -t nat -I POSTROUTING -o eth0 -s {{ pool }}/20 -j MASQUERADE
      # Masquerade traffic from LAN to "the world"
      - iptables -t nat -I POSTROUTING -o eth0 -s {{ subnet }}/16 -j MASQUERADE
    - unless: iptables -t nat -nL | grep MASQUERADE>/dev/null