Configure SQL iptables to forward requests to s-b

Author: quentinmit

ansible/roles/sql-iptables/handlers/main.yml

@@ -0,0 +1,3 @@
+---
+- name: restart netfilter-persistent
+  systemd: daemon_reload=yes name=netfilter-persistent.service state=restarted

ansible/roles/sql-iptables/tasks/main.yml

@@ -0,0 +1,8 @@
+---
+- name: Install iptables-persistent
+  package: name=iptables-persistent
+- name: Configure iptables-persistent
+  template:
+    dest: /etc/iptables/rules.v4
+    src: rules.v4.j2
+  notify: restart netfilter-persistent

ansible/roles/sql-iptables/templates/rules.v4.j2

@@ -0,0 +1,20 @@
+*nat
+:PREROUTING ACCEPT [0:0]
+:POSTROUTING ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+# Send the web interface to scripts
+#-A PREROUTING -p tcp -m tcp -m multiport --dports 80,443,444 -j DNAT --to-destination 18.4.86.46 -i vlan486
+#-A PREROUTING -p tcp -m tcp -m multiport --dports 80,443,444 -j DNAT --to-destination 172.21.0.46 -i vlan461
+#-A POSTROUTING -p tcp -m tcp -m multiport --dports 80,443,444 -j SNAT --to-source {{ vlan486_address }} -o vlan486
+#-A POSTROUTING -p tcp -m tcp -m multiport --dports 80,443,444 -j SNAT --to-source {{ vlan461_address }} -o vlan461
+# Send the web interface to s-b
+-A PREROUTING -p tcp -m tcp -m multiport --dports 80,443,444 -j DNAT --to-destination 18.4.86.47 -i vlan486
+-A PREROUTING -p tcp -m tcp -m multiport --dports 80,443,444 -j DNAT --to-destination 172.21.0.47 -i vlan461
+-A POSTROUTING -p tcp -m tcp -m multiport --dports 80,443,444 -j SNAT --to-source {{ vlan486_address }} -o vlan486
+-A POSTROUTING -p tcp -m tcp -m multiport --dports 80,443,444 -j SNAT --to-source {{ vlan461_address }} -o vlan461
+COMMIT
+*filter
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+COMMIT

ansible/sql.yml

@@ -31,6 +31,7 @@
   - sql-remctl
   - sql-backup-ng
   - sql-nrpe
+  - sql-iptables
   - afs
   tasks:
   - name: Disable rpcbind