Fix NAT and make it working for Terraform and Vagrant

Commit b504810 introduced a NAT to make worker capable of reaching the public internet via the provisioner. But it also introduced a bug, it only works for the Vagrant setup as Manny pointed out: https://github.com/tinkerbell/sandbox/pull/33#issuecomment-759651035 This is an attempt to fix it Signed-off-by: Gianluca Arbezzano <gianarb92@gmail.com>
2021-01-22 09:35:16 +01:00
parent f07e3d8d72
commit 243777b6ef
3 changed files with 16 additions and 7 deletions
--- a/deploy/terraform/main.tf
+++ b/deploy/terraform/main.tf
@ -66,6 +66,14 @@ resource "null_resource" "tink_directory" {
    destination = "/root/tink"
  }

+  provisioner "remote-exec" {
+    inline = [
+      "iptables -A FORWARD -i eth1 -o bond0 -j ACCEPT",
+      "iptables -A FORWARD -i bond0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT",
+      "iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE",
+    ]
+  }
+
  provisioner "remote-exec" {
    inline = [
      "chmod +x /root/tink/*.sh /root/tink/deploy/tls/*.sh"