[proxy] Enable IP forwarding and ARP and NDP proxies

Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2022-06-28 23:12:03 +02:00 · 2022-06-28 23:12:03 +02:00 · 4fe189f248
parent 66269841a7
commit 4fe189f248
3 changed files with 25 additions and 0 deletions
--- a/group_vars/arpproxy.yml
+++ b/group_vars/arpproxy.yml
@ -9,3 +9,5 @@ glob_service_proxy:
  cron:
    frequency: "* * * * *"
    options: "--alter"
+  proto_id: 201
+  main_interface: ens18
--- a/plays/arpproxy.yml
+++ b/plays/arpproxy.yml
@ -5,3 +5,4 @@
    service: "{{ glob_service_proxy | default({}) | combine(loc_service_proxy | default({})) }}"
  roles:
    - service
+    - arpproxy
--- a/roles/arpproxy/tasks/main.yml
+++ b/roles/arpproxy/tasks/main.yml
@ -0,0 +1,22 @@
+---
+- name: Register proto proxy
+  lineinfile:
+    path: /etc/iproute2/rt_protos.d/proxy.conf
+    regexp: "^\\d+ proxy$"
+    line: "{{ service.proto_id }} {{ service.config.protocol }}"
+    owner: root
+    group: root
+    mode: 0644
+
+- name: Enable IP forward and ARP and NDP proxies
+  sysctl:
+    name: "{{ item.name }}"
+    value: "1"
+    sysctl_file: "/etc/sysctl.d/{{ item.file }}.conf"
+    sysctl_set: true
+    reload: true
+  loop:
+    - {name: "net.ipv4.ip_forward", file: "10-forwarding"}
+    - {name: "net.ipv6.conf.all.forwarding", file: "10-forwarding"}
+    - {name: "net.ipv4.conf.{{ service.main_interface }}.proxy_arp", file: "11-proxy-{{ service.main_interface }}"}
+    - {name: "net.ipv6.conf.{{ service.main_interface }}.proxy_ndp", file: "11-proxy-{{ service.main_interface }}"}