Attempted fix for udp forwarding
parent
5b508f2f87
commit
b867164902
2 changed files with 21 additions and 23 deletions
|
@ -1,7 +1,9 @@
|
||||||
---
|
---
|
||||||
- name: Install autossh
|
- name: Install required packages
|
||||||
apt:
|
apt:
|
||||||
name: autossh
|
pkg:
|
||||||
|
- autossh
|
||||||
|
- socat
|
||||||
state: present
|
state: present
|
||||||
update_cache: yes
|
update_cache: yes
|
||||||
|
|
||||||
|
@ -32,6 +34,13 @@
|
||||||
owner: "{{ ssh_tunnel_autossh_system_user }}"
|
owner: "{{ ssh_tunnel_autossh_system_user }}"
|
||||||
mode: 0644
|
mode: 0644
|
||||||
|
|
||||||
|
#- name: Re-convert udp sent over ssh to udp packets
|
||||||
|
# become: yes
|
||||||
|
# shell:
|
||||||
|
# command: "socat tcp4-listen:8000,reuseaddr,fork udp:server02:53"
|
||||||
|
# loop: "{{ tunneled_ports }}"
|
||||||
|
# when: "'udp' in item.protocols"
|
||||||
|
|
||||||
- name: Set systemd service file
|
- name: Set systemd service file
|
||||||
become: yes
|
become: yes
|
||||||
template:
|
template:
|
||||||
|
|
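Review bot: The commented-out socat task added in the second hunk should be finished or dropped rather than committed as dead code. It loops over `tunneled_ports` but hard-codes `tcp4-listen:8000` and `udp:server02:53`, so enabling it as written would try to start the same listener for every UDP item. The TCP side presumably only has to be reachable from the ssh tunnel, so when the task is revived it should be bound to loopback rather than all addresses, e.g. `tcp4-listen:<PORT>,bind=127.0.0.1,reuseaddr,fork`.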
|
@ -1,4 +1,9 @@
|
||||||
---
|
---
|
||||||
|
- name: Install required packages
|
||||||
|
apt:
|
||||||
|
name: socat
|
||||||
|
state: present
|
||||||
|
|
||||||
- name: Ensure unprivileged ssh user exists
|
- name: Ensure unprivileged ssh user exists
|
||||||
user:
|
user:
|
||||||
name: "{{ ssh_tunnel_sshd_unprivileged_user }}"
|
name: "{{ ssh_tunnel_sshd_unprivileged_user }}"
|
||||||
|
@ -81,18 +86,10 @@
|
||||||
|
|
||||||
- name: Forward privileged ports to ephemeral localhost ports (IPv4, UDP)
|
- name: Forward privileged ports to ephemeral localhost ports (IPv4, UDP)
|
||||||
become: yes
|
become: yes
|
||||||
iptables:
|
shell:
|
||||||
ip_version: ipv4
|
command: "socat -T10 udp4-recvfrom:{{ item.exposed_port }},fork tcp:127.0.0.1:{{ item.ephemeral_port }}"
|
||||||
table: nat
|
|
||||||
chain: PREROUTING
|
|
||||||
in_interface: eth0
|
|
||||||
protocol: udp
|
|
||||||
destination_port: "{{ item.exposed_port }}"
|
|
||||||
jump: DNAT
|
|
||||||
to_destination: "127.0.0.1:{{ item.ephemeral_port }}"
|
|
||||||
loop: "{{ tunneled_ports }}"
|
loop: "{{ tunneled_ports }}"
|
||||||
when: "'udp' in item.protocols"
|
when: "'udp' in item.protocols"
|
||||||
notify: persist iptables
|
|
||||||
|
|
||||||
- name: Forward privileged ports to ephemeral localhost ports (IPv6, TCP)
|
- name: Forward privileged ports to ephemeral localhost ports (IPv6, TCP)
|
||||||
become: yes
|
become: yes
|
||||||
|
@ -111,15 +108,7 @@
|
||||||
|
|
||||||
- name: Forward privileged ports to ephemeral localhost ports (IPv6, UDP)
|
- name: Forward privileged ports to ephemeral localhost ports (IPv6, UDP)
|
||||||
become: yes
|
become: yes
|
||||||
iptables:
|
shell:
|
||||||
ip_version: ipv6
|
command: "socat -T10 udp6-recvfrom:{{ item.exposed_port }},fork tcp:[::1]:{{ item.ephemeral_port }}"
|
||||||
table: nat
|
|
||||||
chain: PREROUTING
|
|
||||||
in_interface: eth0
|
|
||||||
protocol: udp
|
|
||||||
destination_port: "{{ item.exposed_port }}"
|
|
||||||
jump: DNAT
|
|
||||||
to_destination: "[::1]:{{ item.ephemeral_port }}"
|
|
||||||
loop: "{{ tunneled_ports }}"
|
loop: "{{ tunneled_ports }}"
|
||||||
when: "'udp' in item.protocols"
|
when: "'udp' in item.protocols"
|
||||||
notify: persist iptables
|
|
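Review bot: In the last two hunks the IPv4 and IPv6 UDP tasks replace a DNAT rule scoped to `in_interface: eth0` with a root `socat` listener that has no `bind=` option, so it accepts datagrams on every address of the host and keeps full privileges for as long as it runs. Because `udp4-recvfrom:…,fork` stays in the foreground, the task will probably never return, and nothing restarts the relay after a reboot now that `notify: persist iptables` is gone. `command:` is also not a documented parameter of the `shell` module, which takes `cmd:` or a free-form string, so the task may fail before socat starts. I would move the relay into a templated systemd unit that runs as the unprivileged user with only the capability needed for low ports, and pin the listener, e.g. `udp4-recvfrom:{{ item.exposed_port }},bind=<LISTEN_ADDR>,fork`.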