talexander/machine_setup
1
0
Fork 0
Code Issues Pull Requests Releases Activity

Update command to route private kubernetes services.

Browse Source
This commit is contained in:
Tom Alexander 2024-10-06 21:34:12 -04:00
parent acf4951047
commit 5a08b3e0bd
Signed by: talexander
GPG Key ID: D3A179C9A53C0EDE
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
ansible/roles/firewall/files/mrmanager_pf.conf
View File

@ -33,7 +33,7 @@ scrub in on $ext_if all fragment reassemble
# redirections
nat on $ext_if inet from ! ($ext_if) to ! ($ext_if) -> ($ext_if)
rdr pass proto {tcp, udp} from any to 10.215.1.1 port 53 tag REDIREXTERNAL -> 1.1.1.1 port 53
rdr pass on jail_nat proto {tcp, udp} from any to 10.215.1.1 port 53 tag REDIREXTERNAL -> 1.1.1.1 port 53
rdr pass on $ext_if proto {tcp, udp} to ($ext_if) port 6443 -> 10.215.1.204 port 6443
rdr pass on jail_nat proto {tcp, udp} to ($ext_if) port 6443 tag REDIRINTERNAL -> 10.215.1.204 port 6443
@ -63,6 +63,7 @@ pass quick on $allow
# Single interface kubernetes cluster is working with the following run on mrmanager:
# doas route add -host 74.80.180.139 -interface jail_nat
# doas route add -net 10.129.0.0/16 -interface jail_nat
# doas sysctl net.link.ether.inet.proxyall=1
# Plus this in pf.conf:
# pass quick from any to 74.80.180.139