kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-08-29 15:06:26 +02:00
Code Issues Packages Projects Releases Wiki Activity

Optimized .mds and meta/main.yml for client-wireguard roles and refactored README.md of Docker Roles

Browse Source
This commit is contained in:
Kevin Veen-Birkenbach
2025-03-14 14:42:59 +01:00
parent 17e2c992b3
commit 892403cf8c
142 changed files with 1427 additions and 1395 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
roles/client-wireguard-behind-firewall/README.md
View File

@@ -1,5 +1,26 @@
# client-wireguard-behind-nat
# Client WireGuard Behind NAT Role
# see
## Description
This role adapts iptables rules to enable proper connectivity for a WireGuard client running behind a NAT or firewall. It ensures that traffic is forwarded correctly by applying necessary masquerading rules.
## 📌 Overview
Optimized for environments with network address translation (NAT), this role:
- Executes shell commands to modify iptables rules.
- Allows traffic from the WireGuard client interface (e.g. `wg0-client`) and sets up NAT masquerading on the external interface (e.g. `eth0`).
- Works as an extension to the native WireGuard client role.
## Purpose
The primary purpose of this role is to enable proper routing and connectivity for a WireGuard client situated behind a firewall or NAT device. By adapting iptables rules, it ensures that the client can communicate effectively with external networks.
## Features
- **iptables Rule Adaptation:** Modifies iptables to allow forwarding and NAT masquerading for the WireGuard client.
- **NAT Support:** Configures the external interface for proper masquerading.
- **Role Integration:** Depends on the [client-wireguard](../client-wireguard/README.md) role to ensure that WireGuard is properly configured before applying firewall rules.
## 📚 Other Resources
- https://gist.github.com/insdavm/b1034635ab23b8839bf957aa406b5e39
- https://wiki.debian.org/iptables

26
roles/client-wireguard-behind-firewall/meta/main.yml
View File

@@ -1,2 +1,26 @@
---
galaxy_info:
author: "Kevin Veen-Birkenbach"
description: "Adapts iptables rules to enable proper connectivity for a WireGuard client running behind a NAT or firewall, ensuring that traffic is correctly forwarded and masqueraded."
license: "CyMaIS NonCommercial License (CNCL)"
license_url: "https://s.veen.world/cncl"
company: |
Kevin Veen-Birkenbach
Consulting & Coaching Solutions
https://www.veen.world
min_ansible_version: "2.9"
platforms:
- name: Linux
versions:
- all
galaxy_tags:
- wireguard
- nat
- firewall
- iptables
- networking
repository: "https://s.veen.world/cymais"
issue_tracker_url: "https://s.veen.world/cymaisissues"
documentation: "https://s.veen.world/cymais"
dependencies:
- client-wireguard
- client-wireguard