Add port forwarding for admin_git jail.

2023-06-17 19:12:30 -04:00 · 2023-06-17 19:12:30 -04:00 · f10964623d
commit f10964623d
parent 62ade773d8
2 changed files with 7 additions and 5 deletions
--- a/ansible/roles/firewall/files/mrmanager_pf.conf
+++ b/ansible/roles/firewall/files/mrmanager_pf.conf
@ -25,10 +25,10 @@ rdr pass on jail_nat inet proto tcp from $jail_nat_v4 to any port 6443 -> 10.215
 nat pass on $not_ext_if proto {tcp, udp} from $not_jail_nat_v4 to 10.215.1.204 port 6443 -> (jail_nat)
 nat pass on $not_ext_if proto {tcp, udp} from $jail_nat_v4 to 10.215.1.204 port 6443 -> (jail_nat)
-rdr pass on $ext_if inet proto tcp from $not_jail_nat_v4 to any port 65099 -> 10.215.1.210 port 22
+rdr pass on $ext_if inet proto tcp from $not_jail_nat_v4 to $not_jail_nat_v4 port 65099 -> 10.215.1.210 port 22
-rdr pass on jail_nat inet proto tcp from $jail_nat_v4 to any port 65099 -> 10.215.1.210 port 22
+rdr pass on jail_nat inet proto tcp from $jail_nat_v4 to $not_jail_nat_v4 port 65099 -> 10.215.1.210 port 22
-nat pass on $not_ext_if proto {tcp, udp} from $not_jail_nat_v4 to 10.215.1.210 port 65099 -> (jail_nat)
+# nat pass on $not_ext_if proto {tcp, udp} from $not_jail_nat_v4 to 10.215.1.210 port 65099 -> (jail_nat)
-nat pass on $not_ext_if proto {tcp, udp} from $jail_nat_v4 to 10.215.1.210 port 65099 -> (jail_nat)
+# nat pass on $not_ext_if proto {tcp, udp} from $jail_nat_v4 to 10.215.1.210 port 65099 -> (lagg0)
--- a/ansible/roles/kubernetes/tasks/linux.yaml
+++ b/ansible/roles/kubernetes/tasks/linux.yaml
@ -6,6 +6,7 @@
    creates: "/var/cache/pacman/custom/{{ item }}-*.pkg.tar.*"
  loop:
    - kubeswitch
    - flux-scm
 - name: Update cache
  when: buildaur.changed
@ -13,7 +14,7 @@
    name: []
    state: present
    update_cache: true
-    
+
 - name: Install packages
  package:
    name:
@ -21,4 +22,5 @@
      - stern
      - kubectx
      - kubeswitch
      - flux-scm
    state: present