apache/cloudstack
1
0
Fork 0
mirror of https://github.com/apache/cloudstack.git synced 2025-10-26 08:42:29 +01:00
Code Issues Packages Projects Releases Wiki Activity

bugfix #9 vpc vr: Add PREROUTING rule for vm with static nat to multiple private gateways

Browse Source
This commit is contained in:
Wei Zhou 2020-11-19 17:23:53 +00:00 committed by dahn
parent 69c0f71cf7
commit 8a68617eee
2 changed files with 24 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
systemvm/debian/opt/cloud/bin/configure.py
View File

@ -817,6 +817,13 @@ class CsForwardingRules(CsDataBag):
return interface.get_gateway() return interface.get_gateway()
return None return None
def getPrivateGatewayNetworks(self):
interfaces = []
for interface in self.config.address().get_interfaces():
if interface.is_private_gateway():
interfaces.append(interface)
return interfaces
def portsToString(self, ports, delimiter): def portsToString(self, ports, delimiter):
ports_parts = ports.split(":", 2) ports_parts = ports.split(":", 2)
if ports_parts[0] == ports_parts[1]: if ports_parts[0] == ports_parts[1]:
@ -948,12 +955,21 @@ class CsForwardingRules(CsDataBag):
if device is None: if device is None:
raise Exception("Ip address %s has no device in the ips databag" % rule["public_ip"]) raise Exception("Ip address %s has no device in the ips databag" % rule["public_ip"])
chain_name = "PREROUTING-%s-def" % device
self.fw.append(["mangle", "front", self.fw.append(["mangle", "front",
"-A PREROUTING -s %s/32 -m state --state NEW -j CONNMARK --save-mark --nfmask 0xffffffff --ctmask 0xffffffff" % "-A PREROUTING -s %s/32 -m state --state NEW -j %s" %
rule["internal_ip"]]) (rule["internal_ip"], chain_name)])
self.fw.append(["mangle", "front", self.fw.append(["mangle", "",
"-A PREROUTING -s %s/32 -m state --state NEW -j MARK --set-xmark %s/0xffffffff" % "-A %s -j MARK --set-xmark %s/0xffffffff" %
(rule["internal_ip"], hex(100 + int(device[len("eth"):])))]) (chain_name, hex(100 + int(device[len("eth"):])))])
self.fw.append(["mangle", "",
"-A %s -j CONNMARK --save-mark --nfmask 0xffffffff --ctmask 0xffffffff" %
chain_name])
private_gateways = self.getPrivateGatewayNetworks()
for private_gw in private_gateways:
self.fw.append(["mangle", "front", "-A %s -d %s -j RETURN" %
(chain_name, private_gw.get_network())])
self.fw.append(["nat", "front", self.fw.append(["nat", "front",
"-A PREROUTING -d %s/32 -j DNAT --to-destination %s" % (rule["public_ip"], rule["internal_ip"])]) "-A PREROUTING -d %s/32 -j DNAT --to-destination %s" % (rule["public_ip"], rule["internal_ip"])])
self.fw.append(["nat", "front", self.fw.append(["nat", "front",

3
systemvm/debian/opt/cloud/bin/cs/CsAddress.py
View File

@ -488,6 +488,9 @@ class CsIP:
self.fw.append(["mangle", "", self.fw.append(["mangle", "",
"-A PREROUTING -m state --state NEW -i %s -s %s ! -d %s/32 -j ACL_OUTBOUND_%s" % "-A PREROUTING -m state --state NEW -i %s -s %s ! -d %s/32 -j ACL_OUTBOUND_%s" %
(self.dev, self.address['network'], self.address['gateway'], self.dev)]) (self.dev, self.address['network'], self.address['gateway'], self.dev)])
self.fw.append(["mangle", "front",
"-A PREROUTING -s %s -d %s -m state --state NEW -j MARK --set-xmark %s/0xffffffff" %
(self.cl.get_vpccidr(), self.address['network'], hex(100 + int(self.dev[3:])))])
if self.address["source_nat"]: if self.address["source_nat"]:
self.fw.append(["nat", "front", self.fw.append(["nat", "front",
"-A POSTROUTING -o %s -j SNAT --to-source %s" % "-A POSTROUTING -o %s -j SNAT --to-source %s" %