Attempted fix for udp forwarding

2022-07-27 11:30:37 +02:00 · 2022-07-27 11:30:37 +02:00 · b867164902
commit b867164902
parent 5b508f2f87
2 changed files with 21 additions and 23 deletions
--- a/tasks/remote.yml
+++ b/tasks/remote.yml
@ -1,4 +1,9 @@
 ---
+- name: Install required packages
+  apt:
+    name: socat
+    state: present
+
 - name: Ensure unprivileged ssh user exists
  user:
    name: "{{ ssh_tunnel_sshd_unprivileged_user }}"
@ -81,18 +86,10 @@

 - name: Forward privileged ports to ephemeral localhost ports (IPv4, UDP)
  become: yes
-  iptables:
-    ip_version: ipv4
-    table: nat
-    chain: PREROUTING
-    in_interface: eth0
-    protocol: udp
-    destination_port: "{{ item.exposed_port }}"
-    jump: DNAT
-    to_destination: "127.0.0.1:{{ item.ephemeral_port }}"
+  shell:
+    command: "socat -T10 udp4-recvfrom:{{ item.exposed_port }},fork tcp:127.0.0.1:{{ item.ephemeral_port }}"
  loop: "{{ tunneled_ports }}"
  when: "'udp' in item.protocols"
-  notify: persist iptables

 - name: Forward privileged ports to ephemeral localhost ports (IPv6, TCP)
  become: yes
@ -111,15 +108,7 @@

 - name: Forward privileged ports to ephemeral localhost ports (IPv6, UDP)
  become: yes
-  iptables:
-    ip_version: ipv6
-    table: nat
-    chain: PREROUTING
-    in_interface: eth0
-    protocol: udp
-    destination_port: "{{ item.exposed_port }}"
-    jump: DNAT
-    to_destination: "[::1]:{{ item.ephemeral_port }}"
+  shell:
+    command: "socat -T10 udp6-recvfrom:{{ item.exposed_port }},fork tcp:[::1]:{{ item.ephemeral_port }}"
  loop: "{{ tunneled_ports }}"
-  when: "'udp' in item.protocols"
-  notify: persist iptables
+  when: "'udp' in item.protocols"