X-Git-Url: https://gerrit.opnfv.org/gerrit/gitweb?p=apex.git;a=blobdiff_plain;f=lib%2Fansible%2Fplaybooks%2Fconfigure_undercloud.yml;h=fbac6eeb65c45a13af97f728a14627ff71aed58a;hp=9ef0d883add56da1c7b5b6389cc9f7766fc44289;hb=f6dbb3929d904b4d5a9ee01f8270051e29ac1ec3;hpb=a008f8394e07f1b82d5bf7288f46c63252f6084f

diff --git a/lib/ansible/playbooks/configure_undercloud.yml b/lib/ansible/playbooks/configure_undercloud.yml
index 9ef0d883..fbac6eeb 100644
--- a/lib/ansible/playbooks/configure_undercloud.yml
+++ b/lib/ansible/playbooks/configure_undercloud.yml
@@ -143,6 +143,38 @@
         - external_network.enabled
         - aarch64
       become: yes
+    - block:
+        - name: Undercloud NAT - MASQUERADE interface
+          iptables:
+            table: nat
+            chain: POSTROUTING
+            out_interface: eth0
+            jump: MASQUERADE
+        - name: Undercloud NAT - MASQUERADE interface with subnet
+          iptables:
+            table: nat
+            chain: POSTROUTING
+            out_interface: eth0
+            jump: MASQUERADE
+            source: "{{ nat_cidr }}"
+        - name: Undercloud NAT - Allow Forwarding
+          iptables:
+            chain: FORWARD
+            in_interface: eth2
+            jump: ACCEPT
+        - name: Undercloud NAT - Allow Stateful Forwarding
+          iptables:
+            chain: FORWARD
+            in_interface: eth2
+            jump: ACCEPT
+            source: "{{ nat_cidr }}"
+            ctstate: ESTABLISHED,RELATED
+        - name: Undercloud NAT - Save iptables
+          shell: service iptables save
+      become: yes
+      when:
+        - not nat_network_ipv6
+        - virtual_overcloud
     - name: fetch storage environment file
       fetch:
         src: /usr/share/openstack-tripleo-heat-templates/environments/storage-environment.yaml