summaryrefslogtreecommitdiff
path: root/puppet/modules/site_shorewall
diff options
context:
space:
mode:
Diffstat (limited to 'puppet/modules/site_shorewall')
-rw-r--r--puppet/modules/site_shorewall/manifests/dnat_rule.pp12
1 files changed, 8 insertions, 4 deletions
diff --git a/puppet/modules/site_shorewall/manifests/dnat_rule.pp b/puppet/modules/site_shorewall/manifests/dnat_rule.pp
index aa298408..f9fbe950 100644
--- a/puppet/modules/site_shorewall/manifests/dnat_rule.pp
+++ b/puppet/modules/site_shorewall/manifests/dnat_rule.pp
@@ -4,41 +4,45 @@ define site_shorewall::dnat_rule {
if $port != 1194 {
if $site_openvpn::openvpn_allow_unlimited {
shorewall::rule {
- "dnat_tcp_port_$port":
+ "dnat_tcp_port_${port}":
action => 'DNAT',
source => 'net',
destination => "\$FW:${site_openvpn::unlimited_gateway_address}:1194",
proto => 'tcp',
destinationport => $port,
+ originaldest => $site_openvpn::unlimited_gateway_address,
order => 100;
}
shorewall::rule {
- "dnat_udp_port_$port":
+ "dnat_udp_port_${port}":
action => 'DNAT',
source => 'net',
destination => "\$FW:${site_openvpn::unlimited_gateway_address}:1194",
proto => 'udp',
destinationport => $port,
+ originaldest => $site_openvpn::unlimited_gateway_address,
order => 100;
}
}
if $site_openvpn::openvpn_allow_limited {
shorewall::rule {
- "dnat_free_tcp_port_$port":
+ "dnat_free_tcp_port_${port}":
action => 'DNAT',
source => 'net',
destination => "\$FW:${site_openvpn::limited_gateway_address}:1194",
proto => 'tcp',
destinationport => $port,
+ originaldest => $site_openvpn::unlimited_gateway_address,
order => 100;
}
shorewall::rule {
- "dnat_free_udp_port_$port":
+ "dnat_free_udp_port_${port}":
action => 'DNAT',
source => 'net',
destination => "\$FW:${site_openvpn::limited_gateway_address}:1194",
proto => 'udp',
destinationport => $port,
+ originaldest => $site_openvpn::unlimited_gateway_address,
order => 100;
}
}