+ - block:
+ - name: Undercloud NAT - MASQUERADE interface
+ iptables:
+ table: nat
+ chain: POSTROUTING
+ out_interface: eth0
+ jump: MASQUERADE
+ - name: Undercloud NAT - MASQUERADE interface with subnet
+ iptables:
+ table: nat
+ chain: POSTROUTING
+ out_interface: eth0
+ jump: MASQUERADE
+ source: "{{ nat_cidr }}"
+ - name: Undercloud NAT - Allow Forwarding
+ iptables:
+ chain: FORWARD
+ in_interface: eth2
+ jump: ACCEPT
+ - name: Undercloud NAT - Allow Stateful Forwarding
+ iptables:
+ chain: FORWARD
+ in_interface: eth2
+ jump: ACCEPT
+ source: "{{ nat_cidr }}"
+ ctstate: ESTABLISHED,RELATED
+ - name: Undercloud NAT - Save iptables
+ shell: service iptables save
+ become: yes
+ when:
+ - not nat_network_ipv6
+ - nat