diff options
Diffstat (limited to 'manifests/implementations/shorewall/router/hairpinning.pp')
| -rw-r--r-- | manifests/implementations/shorewall/router/hairpinning.pp | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/manifests/implementations/shorewall/router/hairpinning.pp b/manifests/implementations/shorewall/router/hairpinning.pp new file mode 100644 index 0000000..21a8d9d --- /dev/null +++ b/manifests/implementations/shorewall/router/hairpinning.pp @@ -0,0 +1,29 @@ +# See http://www.shorewall.net/FAQ.htm#faq2 +define firewall::router::hairpinning($order = '5000', $proto = 'tcp', $port = 'www', + $external_ip = '$ETH0_IP', $interface = 'eth1', + $destination = '192.168.1.100', $source = 'eth1', + $source_zone = 'loc', $dest_zone = 'loc', + $port_dest = '') { + shorewall::masq { "routeback-$name": + interface => "$interface:$destination", + source => $source, + address => $external_ip, + proto => $proto, + port => $port, + order => $order, + } + + shorewall::rule { "routeback-$name": + action => 'DNAT', + source => $source_zone, + destination => $port_dest ? { + '' => "$dest_zone:$destination", + default => "$dest_zone:$destination:$port_dest", + }, + proto => $proto, + destinationport => $port, + ratelimit => '-', + order => $order, + originaldest => $external_ip, + } +} |