- additional AP config - fw rules

roles/ap/files/dnsmasq.conf

@@ -1,7 +1,7 @@
 interface=wlan0
 dhcp-range=10.250.250.2,10.250.250.6,255.255.255.248,24h
 listen-address=10.250.250.1
-bind-interfaces
+#bind-interfaces
 server=8.8.8.8
 bogus-priv
-domain=demo.dsfinancial.com
+domain=demo.dsfinancial.com

roles/ap/tasks/main.yaml

@@ -65,32 +65,28 @@
           masked: no
           state: restarted
   tags: wireless_ap
-- name: enable ipv4.forwarding
+- name: lan to wlan
-  become: true
+  iptables:
-  sysctl:
+    chain: FORWARD
-          name: net.ipv4.ip_forward
+    ctstate: ESTABLISHED,RELATED
-          value: 1
+    jump: ACCEPT
-          sysctl_set: yes
+    in_interface: eth0
-          state: present
+    out_interface: wlan0
-          reload: yes
+  become: yes
-  tags: wireless_ap
+- name: wlan to lan
-- name: copy fw config
+  iptables:
-  become: true
+          chain: FORWARD
-  copy:
+          jump: ACCEPT
-    src: "{{ role_path }}/files/iptables.ipv4.nat"
+          in_interface: wlan0
-    dest: "/etc/iptables.ipv4.nat"
+          out_interface: eth0
-    backup: yes
+  become: yes
-    owner: root
+- name: forwarding
-    group: root
+  iptables:
-  tags: wireless_ap
+          chain: POSTROUTING
-- name: iptables-restore to rc.local
+          out_interface: eth0
-  lineinfile:
+          table: nat
-    path: "/etc/rc.local"
+          jump: MASQUERADE
-    state: present
+  become: yes
-    insertbefore: "exit 0"
-    line: "iptables-restore < /etc/iptables.ipv4.nat"
-  become: true
-  tags: wireless_ap
 - name: restart dhcpcd
   become: true
   systemd:

roles/common/files/proc_check.sh

@@ -1,6 +1,6 @@
 #!/bin/bash
-/usr/bin/killall chromium-browser
+sudo /usr/bin/killall chromium-browser
-/usr/bin/killall chromium-browser
+sudo /usr/bin/killall chromium-browser
-/usr/bin/killall chromium-browser
+sudo /usr/bin/killall chromium-browser
-systemctl restart ntopng
+sudo systemctl restart ntopng