diff --git a/systemvm/patches/debian/config/opt/cloud/bin/configure.py b/systemvm/patches/debian/config/opt/cloud/bin/configure.py
index ab134fcfca7..c37059b5a6b 100755
--- a/systemvm/patches/debian/config/opt/cloud/bin/configure.py
+++ b/systemvm/patches/debian/config/opt/cloud/bin/configure.py
@@ -775,41 +775,46 @@ class CsForwardingRules(CsDataBag):
 self.forward_vr(rule)
 
 def forward_vr(self, rule):
+ #prefetch iptables variables
+ public_fwinterface = self.getDeviceByIp(rule['public_ip'])
+ internal_fwinterface = self.getDeviceByIp(rule['internal_ip'])
+ public_fwports = self.portsToString(rule['public_ports'], ':')
+ internal_fwports = self.portsToString(rule['internal_ports'], '-')
 fw1 = "-A PREROUTING -d %s/32 -i %s -p %s -m %s --dport %s -j DNAT --to-destination %s:%s" % \
 (
 rule['public_ip'],
- self.getDeviceByIp(rule['public_ip']),
+ public_fwinterface,
 rule['protocol'],
 rule['protocol'],
- self.portsToString(rule['public_ports'], ':'),
+ public_fwports,
 rule['internal_ip'],
- self.portsToString(rule['internal_ports'], '-')
+ internal_fwports
 )
 fw2 = "-A PREROUTING -d %s/32 -i %s -p %s -m %s --dport %s -j DNAT --to-destination %s:%s" % \
 (
 rule['public_ip'],
- self.getDeviceByIp(rule['internal_ip']),
+ internal_fwinterface,
 rule['protocol'],
 rule['protocol'],
- self.portsToString(rule['public_ports'], ':'),
+ public_fwports,
 rule['internal_ip'],
- self.portsToString(rule['internal_ports'], '-')
+ internal_fwports
 )
 fw3 = "-A OUTPUT -d %s/32 -p %s -m %s --dport %s -j DNAT --to-destination %s:%s" % \
 (
 rule['public_ip'],
 rule['protocol'],
 rule['protocol'],
- self.portsToString(rule['public_ports'], ':'),
+ public_fwports,
 rule['internal_ip'],
- self.portsToString(rule['internal_ports'], '-')
+ internal_fwports
 )
 fw4 = "-j SNAT --to-source %s -A POSTROUTING -s %s -d %s/32 -o %s -p %s -m %s --dport %s" % \
 (
 self.getGuestIp(),
 self.getNetworkByIp(rule['internal_ip']),
 rule['internal_ip'],
- self.getDeviceByIp(rule['internal_ip']),
+ internal_fwinterface,
 rule['protocol'],
 rule['protocol'],
 self.portsToString(rule['internal_ports'], ':')
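Review bot: The rule fields `rule['public_ip']`, `rule['internal_ip']` and `rule['protocol']` are still formatted with `%s` straight into the iptables rule text for fw1–fw4 (and fw5–fw7 in the next hunk), and no check on them is visible in this hunk. If the databag is not validated before it reaches forward_vr, a value with embedded whitespace or an unexpected protocol would alter the rule that gets installed. The new prefetch block is a natural place for a guard such as `if rule['protocol'] not in ('tcp', 'udp'): raise ValueError(...)` (with the set adjusted to what this router supports), plus a strict address-format check on the two IPs. forward_vr's body continues past the end of this hunk.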
@@ -817,24 +822,24 @@ class CsForwardingRules(CsDataBag):
 fw5 = "-A PREROUTING -d %s/32 -i %s -p %s -m %s --dport %s -j MARK --set-xmark %s/0xffffffff" % \
 (
 rule['public_ip'],
- self.getDeviceByIp(rule['public_ip']),
+ public_fwinterface,
 rule['protocol'],
 rule['protocol'],
- self.portsToString(rule['public_ports'], ':'),
- hex(int(self.getDeviceByIp(rule['public_ip'])[3:]))
+ public_fwports,
+ hex(int(public_fwinterface[3:]))
 )
 fw6 = "-A PREROUTING -d %s/32 -i %s -p %s -m %s --dport %s -m state --state NEW -j CONNMARK --save-mark --nfmask 0xffffffff --ctmask 0xffffffff" % \
 (
 rule['public_ip'],
- self.getDeviceByIp(rule['public_ip']),
+ public_fwinterface,
 rule['protocol'],
 rule['protocol'],
- self.portsToString(rule['public_ports'], ':'),
+ public_fwports,
 )
 fw7 = "-A FORWARD -i %s -o %s -p %s -m %s --dport %s -m state --state NEW,ESTABLISHED -j ACCEPT" % \
 (
- self.getDeviceByIp(rule['public_ip']),
- self.getDeviceByIp(rule['internal_ip']),
+ public_fwinterface,
+ internal_fwinterface,
 rule['protocol'],
 rule['protocol'],
 self.portsToString(rule['internal_ports'], ':')
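Review bot: `hex(int(public_fwinterface[3:]))` in fw5 assumes the lookup returned a name with a three-character prefix and a numeric suffix. If getDeviceByIp can return nothing for an address that is not configured on the router (its body is not shown here), this raises inside forward_vr, and the rules in the previous hunk would already have been built with an unusable `-i` value. Now that each interface is looked up once, a single guard right after the prefetch, for example `if not public_fwinterface or not internal_fwinterface: return` preceded by a log line naming the rule, would cover fw1–fw7. The function starts before this hunk and continues after it.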