Gist: dstokes/9f3f976568a9116bb836
2014-10-24 17:22:31,199 [salt.state ][INFO ] Running state [iptables -I FORWARD -i tun0 -o eth0 -s /20 -d 10.30.0.0/16 -m conntrack --ctstate NEW -j ACCEPT] at time 17:22:31.199274
2014-10-24 17:22:31,200 [salt.state ][INFO ] Executing state cmd.run for iptables -I FORWARD -i tun0 -o eth0 -s /20 -d 10.30.0.0/16 -m conntrack --ctstate NEW -j ACCEPT
2014-10-24 17:22:31,200 [salt.loaded.int.module.cmdmod][INFO ] Executing command 'iptables -t nat -nL | grep MASQUERADE>/dev/null' in directory '/root'
2014-10-24 17:22:31,205 [salt.state ][INFO ] unless execution succeeded
2014-10-24 17:22:31,205 [salt.state ][INFO ] Completed state [iptables -I FORWARD -i tun0 -o eth0 -s /20 -d 10.30.0.0/16 -m conntrack --ctstate NEW -j ACCEPT] at time 17:22:31.205137
2014-10-24 17:22:31,205 [salt.state ][INFO ] Running state [sysctl -w net.ipv4.ip_forward=1] at time 17:22:31.205404
2014-10-24 17:22:31,206 [salt.state ][INFO ] Executing state cmd.run for sysctl -w net.ipv4.ip_forward=1
2014-10-24 17:22:31,206 [salt.loaded.int.module.cmdmod][INFO ] Executing command 'iptables -t nat -nL | grep MASQUERADE>/dev/null' in directory '/root'
2014-10-24 17:22:31,210 [salt.state ][INFO ] unless execution succeeded
2014-10-24 17:22:31,211 [salt.state ][INFO ] Completed state [sysctl -w net.ipv4.ip_forward=1] at time 17:22:31.210630
2014-10-24 17:22:31,211 [salt.state ][INFO ] Running state [iptables -I FORWARD -i tun0 -o eth0 -s /20 -m conntrack --ctstate NEW -j ACCEPT] at time 17:22:31.210940
2014-10-24 17:22:31,211 [salt.state ][INFO ] Executing state cmd.run for iptables -I FORWARD -i tun0 -o eth0 -s /20 -m conntrack --ctstate NEW -j ACCEPT
2014-10-24 17:22:31,212 [salt.loaded.int.module.cmdmod][INFO ] Executing command 'iptables -t nat -nL | grep MASQUERADE>/dev/null' in directory '/root'
2014-10-24 17:22:31,216 [salt.state ][INFO ] unless execution succeeded
2014-10-24 17:22:31,216 [salt.state ][INFO ] Completed state [iptables -I FORWARD -i tun0 -o eth0 -s /20 -m conntrack --ctstate NEW -j ACCEPT] at time 17:22:31.216354
2014-10-24 17:22:31,217 [salt.state ][INFO ] Running state [iptables -I FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT] at time 17:22:31.216607
2014-10-24 17:22:31,217 [salt.state ][INFO ] Executing state cmd.run for iptables -I FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
2014-10-24 17:22:31,217 [salt.loaded.int.module.cmdmod][INFO ] Executing command 'iptables -t nat -nL | grep MASQUERADE>/dev/null' in directory '/root'
2014-10-24 17:22:31,222 [salt.state ][INFO ] unless execution succeeded
2014-10-24 17:22:31,222 [salt.state ][INFO ] Completed state [iptables -I FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT] at time 17:22:31.222027
2014-10-24 17:22:31,222 [salt.state ][INFO ] Running state [iptables -I FORWARD -i eth0 -s 10.30.0.0/16 -m conntrack --ctstate NEW -j ACCEPT] at time 17:22:31.222276
2014-10-24 17:22:31,223 [salt.state ][INFO ] Executing state cmd.run for iptables -I FORWARD -i eth0 -s 10.30.0.0/16 -m conntrack --ctstate NEW -j ACCEPT
2014-10-24 17:22:31,223 [salt.loaded.int.module.cmdmod][INFO ] Executing command 'iptables -t nat -nL | grep MASQUERADE>/dev/null' in directory '/root'
2014-10-24 17:22:31,227 [salt.state ][INFO ] unless execution succeeded
2014-10-24 17:22:31,228 [salt.state ][INFO ] Completed state [iptables -I FORWARD -i eth0 -s 10.30.0.0/16 -m conntrack --ctstate NEW -j ACCEPT] at time 17:22:31.227673
configure_openvpn_NAT:
  cmd.run:
    - names:
      - echo net.ipv4.ip_forward=1 >> /etc/sysctl.conf
      - sysctl -w net.ipv4.ip_forward=1
      # Allow traffic initiated from VPN to access LAN
      - iptables -I FORWARD -i tun0 -o eth0 -s {{ pool }}/20 -d {{ subnet }}/16 -m conntrack --ctstate NEW -j ACCEPT
      # Allow traffic initiated from VPN to access "the world"
      - iptables -I FORWARD -i tun0 -o eth0 -s {{ pool }}/20 -m conntrack --ctstate NEW -j ACCEPT
      # Allow traffic initiated from LAN to access "the world"
      - iptables -I FORWARD -i eth0 -s {{ subnet }}/16 -m conntrack --ctstate NEW -j ACCEPT
      # Allow established traffic to pass back and forth
      - iptables -I FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
      # Masquerade traffic from VPN to "the world" -- done in the nat table
      - iptables -t nat -I POSTROUTING -o eth0 -s {{ pool }}/20 -j MASQUERADE
      # Masquerade traffic from LAN to "the world"
      - iptables -t nat -I POSTROUTING -o eth0 -s {{ subnet }}/16 -j MASQUERADE
    # The guard applies to every command in names: once any MASQUERADE rule
    # exists in the nat table, all of them (sysctl included) are skipped.
    - unless: iptables -t nat -nL | grep MASQUERADE>/dev/null
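The minion log above shows two things worth catching before rules reach a gateway: `{{ pool }}` rendered empty, leaving `-s /20` as an iptables source, and every state was skipped because the shared `unless` guard succeeded. The following audit script is an added example, not part of the gist; it parses lines taken from the log above, validates each `-s`/`-d` argument with the standard library `ipaddress` module, and counts guard skips. The function and variable names are my own.

```python
import re
import ipaddress

# Lines taken from the Salt minion log above; the empty {{ pool }} left "-s /20".
SAMPLE_LOG = """\
2014-10-24 17:22:31,199 [salt.state ][INFO ] Running state [iptables -I FORWARD -i tun0 -o eth0 -s /20 -d 10.30.0.0/16 -m conntrack --ctstate NEW -j ACCEPT] at time 17:22:31.199274
2014-10-24 17:22:31,205 [salt.state ][INFO ] unless execution succeeded
2014-10-24 17:22:31,205 [salt.state ][INFO ] Running state [sysctl -w net.ipv4.ip_forward=1] at time 17:22:31.205404
2014-10-24 17:22:31,210 [salt.state ][INFO ] unless execution succeeded
2014-10-24 17:22:31,222 [salt.state ][INFO ] Running state [iptables -I FORWARD -i eth0 -s 10.30.0.0/16 -m conntrack --ctstate NEW -j ACCEPT] at time 17:22:31.222276
2014-10-24 17:22:31,227 [salt.state ][INFO ] unless execution succeeded
"""

RUNNING = re.compile(r"Running state \[(.+?)\] at time")
# "-s"/"-d" followed by a value; "--ctstate" cannot match because a space must precede "-s"
NET_ARG = re.compile(r"(?:^|\s)(-s|-d)\s+(\S+)")


def running_states(log_text):
    """Return the command of every 'Running state [...]' line, in order."""
    return RUNNING.findall(log_text)


def bad_network_args(cmd):
    """Return (flag, value) pairs whose value is not a valid address or CIDR.
    An unset Jinja variable renders as '' and leaves e.g. '-s /20'."""
    bad = []
    for flag, value in NET_ARG.findall(cmd):
        try:
            ipaddress.ip_network(value, strict=False)
        except ValueError:
            bad.append((flag, value))
    return bad


def skipped_by_unless(log_text):
    """Count states Salt skipped because the 'unless' command succeeded."""
    return log_text.count("unless execution succeeded")


def audit(log_text):
    """Summarise rendering and guard problems visible in a highstate log."""
    cmds = running_states(log_text)
    malformed = {c: bad_network_args(c) for c in cmds if bad_network_args(c)}
    return {"states": len(cmds), "skipped": skipped_by_unless(log_text), "malformed": malformed}


if __name__ == "__main__":
    for cmd, args in audit(SAMPLE_LOG)["malformed"].items():
        print("malformed network argument", args, "in:", cmd)
```

A `skipped` count equal to `states` means the guard short-circuited the whole run, so the malformed rule was never applied, but neither was anything else in `names`.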