1 files changed, 32 insertions, 0 deletions

diff --git a/lib/ansible/playbooks/configure_undercloud.yml b/lib/ansible/playbooks/configure_undercloud.yml
index 9ef0d883..fbac6eeb 100644
--- a/lib/ansible/playbooks/configure_undercloud.yml
+++ b/lib/ansible/playbooks/configure_undercloud.yml
@@ -143,6 +143,38 @@
         - external_network.enabled
         - aarch64
       become: yes
+    - block:
+        - name: Undercloud NAT - MASQUERADE interface
+          iptables:
+            table: nat
+            chain: POSTROUTING
+            out_interface: eth0
+            jump: MASQUERADE
+        - name: Undercloud NAT - MASQUERADE interface with subnet
+          iptables:
+            table: nat
+            chain: POSTROUTING
+            out_interface: eth0
+            jump: MASQUERADE
+            source: "{{ nat_cidr }}"
+        - name: Undercloud NAT - Allow Forwarding
+          iptables:
+            chain: FORWARD
+            in_interface: eth2
+            jump: ACCEPT
+        - name: Undercloud NAT - Allow Stateful Forwarding
+          iptables:
+            chain: FORWARD
+            in_interface: eth2
+            jump: ACCEPT
+            source: "{{ nat_cidr }}"
+            ctstate: ESTABLISHED,RELATED
+        - name: Undercloud NAT - Save iptables
+          shell: service iptables save
+      become: yes
+      when:
+        - not nat_network_ipv6
+        - virtual_overcloud
     - name: fetch storage environment file
       fetch:
         src: /usr/share/openstack-tripleo-heat-templates/environments/storage-environment.yaml