summaryrefslogtreecommitdiff
path: root/manifests/router/hairpinning.pp
diff options
context:
space:
mode:
authorSilvio Rhatto <rhatto@riseup.net>2015-09-12 14:56:23 -0300
committerSilvio Rhatto <rhatto@riseup.net>2015-09-12 14:56:23 -0300
commit7f3894654b7adbb0a4796fc2e83b6248282324bd (patch)
tree15045a73c274f5e4cc4b4670b03af7b473815517 /manifests/router/hairpinning.pp
parent14ced49d32beab8b80c6499b3a02ed1523ab98ae (diff)
downloadpuppet-firewall-7f3894654b7adbb0a4796fc2e83b6248282324bd.tar.gz
puppet-firewall-7f3894654b7adbb0a4796fc2e83b6248282324bd.tar.bz2
Class rename fix
Diffstat (limited to 'manifests/router/hairpinning.pp')
-rw-r--r--manifests/router/hairpinning.pp29
1 files changed, 29 insertions, 0 deletions
diff --git a/manifests/router/hairpinning.pp b/manifests/router/hairpinning.pp
new file mode 100644
index 0000000..21a8d9d
--- /dev/null
+++ b/manifests/router/hairpinning.pp
@@ -0,0 +1,29 @@
+# See http://www.shorewall.net/FAQ.htm#faq2
+define firewall::router::hairpinning($order = '5000', $proto = 'tcp', $port = 'www',
+ $external_ip = '$ETH0_IP', $interface = 'eth1',
+ $destination = '192.168.1.100', $source = 'eth1',
+ $source_zone = 'loc', $dest_zone = 'loc',
+ $port_dest = '') {
+ shorewall::masq { "routeback-$name":
+ interface => "$interface:$destination",
+ source => $source,
+ address => $external_ip,
+ proto => $proto,
+ port => $port,
+ order => $order,
+ }
+
+ shorewall::rule { "routeback-$name":
+ action => 'DNAT',
+ source => $source_zone,
+ destination => $port_dest ? {
+ '' => "$dest_zone:$destination",
+ default => "$dest_zone:$destination:$port_dest",
+ },
+ proto => $proto,
+ destinationport => $port,
+ ratelimit => '-',
+ order => $order,
+ originaldest => $external_ip,
+ }
+}