From 26858c16eebce4e3a600a61d61208a96ec7318c4 Mon Sep 17 00:00:00 2001
From: Jayapal
Date: Thu, 19 Dec 2013 10:46:49 +0530
Subject: [PATCH] CLOUDSTACK-4535 Fixed issue in PF in connecting from private nw when public and private ports are different
---
 systemvm/patches/debian/config/root/firewall.sh | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/systemvm/patches/debian/config/root/firewall.sh b/systemvm/patches/debian/config/root/firewall.sh
index 56153603a78..8c0e0fc526a 100755
--- a/systemvm/patches/debian/config/root/firewall.sh
+++ b/systemvm/patches/debian/config/root/firewall.sh
@@ -61,6 +61,7 @@ doHairpinNat () {
 local guestVmIp=$4
 local guestPort=$(echo $5 | sed 's/:/-/')
 local op=$6
+ local destPort=$5
 logger -t cloud "$(basename $0): create HairPin entry : public ip=$publicIp \
 instance ip=$guestVmIp proto=$proto portRange=$guestPort op=$op"
@@ -71,7 +72,7 @@ doHairpinNat () {
 (sudo iptables -t nat $op POSTROUTING -s $vrGuestIPNetwork -d $guestVmIp -j SNAT -o eth0 --to-source $vrGuestIP &>> $OUTFILE || [ "$op" == "-D" ])
 else
 (sudo iptables -t nat $op PREROUTING -d $publicIp -i eth0 -p $prot --dport $port -j DNAT --to-destination $guestVmIp:$guestPort &>> $OUTFILE || [ "$op" == "-D" ]) &&
- (sudo iptables -t nat $op POSTROUTING -s $vrGuestIPNetwork -p $prot --dport $port -d $guestVmIp -j SNAT -o eth0 --to-source $vrGuestIP &>> $OUTFILE || [ "$op" == "-D" ])
+ (sudo iptables -t nat $op POSTROUTING -s $vrGuestIPNetwork -p $prot --dport $destPort -d $guestVmIp -j SNAT -o eth0 --to-source $vrGuestIP &>> $OUTFILE || [ "$op" == "-D" ])
 fi
 }
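Review bot: `destPort` is copied from `$5` with no format check in the visible lines and is then expanded unquoted in a `sudo iptables` command in the second hunk, so a value containing whitespace would be split into extra iptables arguments for a rule installed as root. Unless the caller already guarantees the format, validate it once here, e.g. `[[ $destPort =~ ^[0-9]+(:[0-9]+)?$ ]] || return 1`, and pass it as `--dport "$destPort"`. A one-line comment would also help the next reader: `# destPort keeps the first:last form that --dport matches on; guestPort is the same value as first-last for --to-destination`. doHairpinNat starts above this hunk, so earlier validation cannot be ruled out from here.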
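Review bot: With `-D`, the changed POSTROUTING line only matches rules that were created with `--dport $destPort`, so an SNAT rule installed by the previous version of the script (with `--dport $port`) will presumably not be found when the public and private ports differ, and the `|| [ "$op" == "-D" ]` fallback hides that failure. On a router that is upgraded in place rather than rebuilt this can leave a dead NAT entry behind, which makes later rule audits harder. Consider also attempting the delete with the old form when `$port` differs from `$destPort`, or noting in the commit message that existing port-forwarding rules must be re-applied after the upgrade. The start of doHairpinNat is outside this hunk.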