first commit

k3s/ansible/apply-cluster-snat.bat

@@ -0,0 +1,37 @@
+@echo off
+REM =========================================
+REM apply-cluster-snat.bat
+REM Enables hairpin NAT for Kubernetes pods -> HAProxy host
+REM =========================================
+
+REM ---- Step 1: Enable IP forwarding ----
+echo Enabling IPv4 forwarding...
+powershell -Command "Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters' -Name 'IPEnableRouter' -Value 1"
+echo IP forwarding enabled. Please reboot for permanent effect.
+
+REM ---- Step 2: Add UFW NAT rules ----
+echo Applying NAT rules for pod -> HAProxy hairpin...
+REM Ensure before.rules file exists
+set ufw_rules_file=/etc/ufw/before.rules
+
+REM Backup original rules
+if exist "%ufw_rules_file%.bak" (
+    echo Backup already exists.
+) else (
+    copy "%ufw_rules_file%" "%ufw_rules_file%.bak"
+    echo Backup created at %ufw_rules_file%.bak
+)
+
+REM Append NAT rules
+echo *nat >> "%ufw_rules_file%"
+echo :POSTROUTING ACCEPT [0:0] >> "%ufw_rules_file%"
+echo -A POSTROUTING -s 10.42.0.0/16 -d 192.168.1.160 -j MASQUERADE >> "%ufw_rules_file%"
+echo COMMIT >> "%ufw_rules_file%"
+
+REM ---- Step 3: Reload UFW ----
+echo Reloading UFW...
+ufw disable
+ufw enable
+
+echo Hairpin NAT applied successfully.
+pause