From 1e6024b83fa2c4ade2c5c561ede95f9be7a90bc9 Mon Sep 17 00:00:00 2001
From: Chiradeep Vittal
Date: Mon, 4 Apr 2011 18:56:58 -0700
Subject: [PATCH] bug 8959: 1. rp_filter prevents connections that span eth2 and eth3 because of default route 2. delete before add of default nat rules status 8959: resolved fixed
---
 patches/systemvm/debian/config/etc/init.d/cloud-early-config | 1 +
 patches/systemvm/debian/config/root/ipassoc.sh | 5 +++++
 2 files changed, 6 insertions(+)
diff --git a/patches/systemvm/debian/config/etc/init.d/cloud-early-config b/patches/systemvm/debian/config/etc/init.d/cloud-early-config
index d3f82e5e857..982b9e807c8 100755
--- a/patches/systemvm/debian/config/etc/init.d/cloud-early-config
+++ b/patches/systemvm/debian/config/etc/init.d/cloud-early-config
@@ -282,6 +282,7 @@ setup_router() {
 enable_svc haproxy 1
 enable_svc cloud-passwd-srvr 1
 enable_svc cloud 0
+ disable_rpfilter
 enable_fwding 1
 chkconfig nfs-common off
 cp /etc/iptables/iptables-router /etc/iptables/rules
diff --git a/patches/systemvm/debian/config/root/ipassoc.sh b/patches/systemvm/debian/config/root/ipassoc.sh
index e7739772747..99895b6bcc5 100644
--- a/patches/systemvm/debian/config/root/ipassoc.sh
+++ b/patches/systemvm/debian/config/root/ipassoc.sh
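Review bot: `disable_rpfilter` is called unconditionally in setup_router, and if the helper clears net.ipv4.conf.*.rp_filter (its body is not in this hunk, so this is inferred from the name) it turns off reverse-path source validation on every interface of the router, not only the public interfaces whose asymmetric routing the commit message describes. Loose mode (`rp_filter=2`) accepts a packet whenever its source is reachable through any interface, which covers the eth2/eth3 default-route case while still dropping packets whose source has no route at all; that is the setting to evaluate before disabling the check outright. Whichever setting is kept, the line deserves a why-comment so the next maintainer does not re-enable the filter as a hardening fix: `disable_rpfilter  # bug 8959: replies may leave via a different public interface than they arrived on`. Note that the call is placed before `enable_fwding 1`, so forwarding is switched on with the relaxed check already applied; setup_router starts before and ends after this hunk.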
@@ -16,14 +16,19 @@ add_nat_entry() {
 local ipNoMask=$(echo $1 | awk -F'/' '{print $1}')
 sudo ip link set $ethDev up
 sudo ip addr add dev $ethDev $pubIp
+ sudo iptables -D FORWARD -i $ethDev -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
+ sudo iptables -D FORWARD -i eth0 -o $ethDev -j ACCEPT
+ sudo iptables -t nat -D POSTROUTING -j SNAT -o $ethDev --to-source $ipNoMask ;
 sudo iptables -A FORWARD -i $ethDev -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
 sudo iptables -A FORWARD -i eth0 -o $ethDev -j ACCEPT
 sudo iptables -t nat -I POSTROUTING -j SNAT -o $ethDev --to-source $ipNoMask ;
 sudo arping -c 3 -I $ethDev -A -U -s $ipNoMask $ipNoMask;
 if [ $? -gt 0 -a $? -ne 2 ]
 then
+ logger -t cloud "$(basename $0):Failed adding nat entry for ip $pubIp on interface $ethDev"
 return 1
 fi
+ logger -t cloud "$(basename $0):Added nat entry for ip $pubIp on interface $ethDev"
 return 0