Enable unsafe routing to PVE network over nebula

2021-01-30 22:59:56 +00:00
parent da301eb7dd
commit 643d843bfb
6 changed files with 50 additions and 31 deletions
--- a/ansible/roles/nebula/tasks/main.yml
+++ b/ansible/roles/nebula/tasks/main.yml
@ -53,3 +53,14 @@
    name: nebula
    enabled: true
  become: true
+
+- name: Enable unsafe routing
+  iptables:
+    table: nat
+    chain: POSTROUTING
+    out_interface: ens18
+    source: "{{ nebula.subnet }}"
+    jump: MASQUERADE
+  notify: persist iptables
+  become: true
+  when: ansible_fqdn == "ingress"