apache/cloudstack
1
0
Fork 0
mirror of https://github.com/apache/cloudstack.git synced 2025-10-26 08:42:29 +01:00
Code Issues Packages Projects Releases Wiki Activity

CLOUDSTACK-4535 Fixed issue in PF in connecting from private nw when public and private ports are different

Browse Source
This commit is contained in:
Jayapal 2013-12-19 10:46:49 +05:30
parent 33fb241fdf
commit 26858c16ee
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
systemvm/patches/debian/config/root/firewall.sh
View File

@ -61,6 +61,7 @@ doHairpinNat () {
local guestVmIp=$4 local guestVmIp=$4
local guestPort=$(echo $5 | sed 's/:/-/') local guestPort=$(echo $5 | sed 's/:/-/')
local op=$6 local op=$6
local destPort=$5
logger -t cloud "$(basename $0): create HairPin entry : public ip=$publicIp \ logger -t cloud "$(basename $0): create HairPin entry : public ip=$publicIp \
instance ip=$guestVmIp proto=$proto portRange=$guestPort op=$op" instance ip=$guestVmIp proto=$proto portRange=$guestPort op=$op"
@ -71,7 +72,7 @@ doHairpinNat () {
(sudo iptables -t nat $op POSTROUTING -s $vrGuestIPNetwork -d $guestVmIp -j SNAT -o eth0 --to-source $vrGuestIP &>> $OUTFILE || [ "$op" == "-D" ]) (sudo iptables -t nat $op POSTROUTING -s $vrGuestIPNetwork -d $guestVmIp -j SNAT -o eth0 --to-source $vrGuestIP &>> $OUTFILE || [ "$op" == "-D" ])
else else
(sudo iptables -t nat $op PREROUTING -d $publicIp -i eth0 -p $prot --dport $port -j DNAT --to-destination $guestVmIp:$guestPort &>> $OUTFILE || [ "$op" == "-D" ]) && (sudo iptables -t nat $op PREROUTING -d $publicIp -i eth0 -p $prot --dport $port -j DNAT --to-destination $guestVmIp:$guestPort &>> $OUTFILE || [ "$op" == "-D" ]) &&
(sudo iptables -t nat $op POSTROUTING -s $vrGuestIPNetwork -p $prot --dport $port -d $guestVmIp -j SNAT -o eth0 --to-source $vrGuestIP &>> $OUTFILE || [ "$op" == "-D" ]) (sudo iptables -t nat $op POSTROUTING -s $vrGuestIPNetwork -p $prot --dport $destPort -d $guestVmIp -j SNAT -o eth0 --to-source $vrGuestIP &>> $OUTFILE || [ "$op" == "-D" ])
fi fi
} }