bug 8959: 1. rp_filter prevents connections that span eth2 and eth3 because of the default route

2. delete default NAT rules before adding them
status 8959: resolved fixed
This commit is contained in:
Chiradeep Vittal 2011-04-04 18:56:58 -07:00
parent 9b4b0abcce
commit 1e6024b83f
2 changed files with 6 additions and 0 deletions


@ -282,6 +282,7 @@ setup_router() {
enable_svc haproxy 1
enable_svc cloud-passwd-srvr 1
enable_svc cloud 0
disable_rpfilter
enable_fwding 1
chkconfig nfs-common off
cp /etc/iptables/iptables-router /etc/iptables/rules
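Review bot: Turning rp_filter off on the router (the one line this hunk adds, presumably the `disable_rpfilter` call on its fourth line, given the +1 count and the commit message) removes the kernel's source-address validation on every interface, which is broader than the asymmetric-route problem between eth2 and eth3 that the message describes. Loose mode (`rp_filter=2`) tolerates a reply leaving through a different interface than the request arrived on while still dropping packets whose source is unreachable by any route, so it is worth checking whether `disable_rpfilter` could set that instead of 0; its definition is not in the hunk, so this is inferred. Either way, a one-line comment would stop the next reader from restoring the default: `# rp_filter off: replies may leave via the default route on another interface (bug 8959)`. The call's status is not checked, consistent with the neighbouring enable_svc calls; setup_router continues outside the hunk.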


@ -16,14 +16,19 @@ add_nat_entry() {
local ipNoMask=$(echo $1 | awk -F'/' '{print $1}')
sudo ip link set $ethDev up
sudo ip addr add dev $ethDev $pubIp
sudo iptables -D FORWARD -i $ethDev -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -D FORWARD -i eth0 -o $ethDev -j ACCEPT
sudo iptables -t nat -D POSTROUTING -j SNAT -o $ethDev --to-source $ipNoMask ;
sudo iptables -A FORWARD -i $ethDev -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i eth0 -o $ethDev -j ACCEPT
sudo iptables -t nat -I POSTROUTING -j SNAT -o $ethDev --to-source $ipNoMask ;
sudo arping -c 3 -I $ethDev -A -U -s $ipNoMask $ipNoMask;
if [ $? -gt 0 -a $? -ne 2 ]
then
logger -t cloud "$(basename $0):Failed adding nat entry for ip $pubIp on interface $ethDev"
return 1
fi
logger -t cloud "$(basename $0):Added nat entry for ip $pubIp on interface $ethDev"
return 0