infra-nimbus/ansible/roles/redirect-ports
Jakub Sokołowski d44e790c0e
redirect-ports: migrate to using NFTables
https://github.com/status-im/infra-misc/issues/301

Signed-off-by: Jakub Sokołowski <jakub@status.im>
2024-09-18 17:59:20 +02:00
defaults
handlers
tasks
README.md

README.md

Description

This role configures port redirects using iptables.

Configuration

You can redirect multiple ports:

redirect_ports:
  - { src:  80, dst: 8080, comment: 'XYZ Service HTTP' }
  - { src: 443, dst: 8443, comment: 'XYZ Service HTTPS' }

All configured ports are opened in the SERVICES chain and redirected using the PREROUTING chain in the nat table:

 > sudo iptables -L PREROUTING -t nat   
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         
REDIRECT   tcp  --  anywhere             anywhere             tcp dpt:http  /* XYZ Service HTTP */ redir ports 8080
REDIRECT   tcp  --  anywhere             anywhere             tcp dpt:https /* XYZ Service HTTPS */ redir ports 8443
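
To check that the live rules match the role's configuration, the listing above can be parsed and compared against `redirect_ports`. This is an added example, not part of the role: the function names, the `SERVICE_NAMES` map and the sample data are assumptions constructed from the output shown above, and a redirect that appears in the listing but not in the configuration is reported as unexpected.

```python
import re

# Constructed sample: the listing shown above, as printed by
# `sudo iptables -L PREROUTING -t nat` (service names, not numbers).
SAMPLE_LISTING = """\
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
REDIRECT   tcp  --  anywhere             anywhere             tcp dpt:http  /* XYZ Service HTTP */ redir ports 8080
REDIRECT   tcp  --  anywhere             anywhere             tcp dpt:https /* XYZ Service HTTPS */ redir ports 8443
"""

# Same structure as the role's redirect_ports variable.
REDIRECT_PORTS = [
    {"src": 80, "dst": 8080, "comment": "XYZ Service HTTP"},
    {"src": 443, "dst": 8443, "comment": "XYZ Service HTTPS"},
]

# Without -n, iptables prints well-known ports by name (assumed subset).
SERVICE_NAMES = {"http": 80, "https": 443}

RULE_RE = re.compile(
    r"^REDIRECT\s+tcp\s.*?\bdpt:(?P<src>\S+)"
    r"(?:\s+/\* (?P<comment>.*?) \*/)?"
    r"\s+redir ports (?P<dst>\d+)\s*$"
)

def parse_redirects(listing):
    """Return {src_port: (dst_port, comment)} for each REDIRECT rule."""
    found = {}
    for line in listing.splitlines():
        m = RULE_RE.match(line)
        if not m:
            continue  # chain header, column header, or non-REDIRECT rule
        src = m["src"]
        port = int(src) if src.isdigit() else SERVICE_NAMES.get(src)
        if port is None:
            raise ValueError(f"unknown service name: {src}")
        found[port] = (int(m["dst"]), m["comment"])
    return found

def audit(expected, listing):
    """Return (missing, mismatched, unexpected) source ports."""
    live = parse_redirects(listing)
    missing = [e["src"] for e in expected if e["src"] not in live]
    mismatched = [e["src"] for e in expected
                  if e["src"] in live and live[e["src"]][0] != e["dst"]]
    wanted = {e["src"] for e in expected}
    unexpected = sorted(p for p in live if p not in wanted)
    return missing, mismatched, unexpected
```

On a host, pass the captured output of the listing command to `audit()` in place of `SAMPLE_LISTING`; three empty lists mean the rules match the configuration.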