From 8ba1b2d33ae732e58c2037713d4adddb1fa9ca44 Mon Sep 17 00:00:00 2001
From: Chiradeep Vittal
Date: Thu, 13 Jan 2011 15:49:15 -0800
Subject: [PATCH] bug 7380: SNAT rules when there are multiple public interfaces
---
 .../cloud/hypervisor/xen/resource/CitrixResourceBase.java | 1 +
 scripts/network/domr/ipassoc.sh | 6 ++++++
 2 files changed, 7 insertions(+)
diff --git a/core/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java b/core/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java
index 621a78e3784..62e3c296d54 100644
--- a/core/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java
+++ b/core/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java
@@ -1377,6 +1377,7 @@ public abstract class CitrixResourceBase implements ServerResource {
 args += " -l ";
 args += publicIpAddress + "/" + cidrSize;
 } else if (firstIP) {
+ args += " -f";
 args += " -l ";
 args += publicIpAddress + "/" + cidrSize;
 } else {
diff --git a/scripts/network/domr/ipassoc.sh b/scripts/network/domr/ipassoc.sh
index fd6d156111f..6bf23dfa956 100755
--- a/scripts/network/domr/ipassoc.sh
+++ b/scripts/network/domr/ipassoc.sh
@@ -73,6 +73,8 @@ add_nat_entry() {
 local ipNoMask=$(echo $2 | awk -F'/' '{print $1}')
 ssh -p 3922 -o StrictHostKeyChecking=no -i $cert root@$dRIp "\
 ip addr add dev $correctVif $pubIp
+ iptables -A FORWARD -i $correctVif -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
+ iptables -A FORWARD -i eth0 -o $correctVif -j ACCEPT
 iptables -t nat -I POSTROUTING -j SNAT -o $correctVif --to-source $ipNoMask ;
 arping -c 3 -I $correctVif -A -U -s $ipNoMask $ipNoMask;
 "
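Review bot: The two `iptables -A FORWARD` lines added to add_nat_entry append unconditionally, so if the function runs more than once for the same `$correctVif` the chain collects duplicate ACCEPT rules. The matching `iptables -D FORWARD` lines in the del_nat_entry hunk each remove only one copy, which would leave `-i eth0 -o $correctVif -j ACCEPT` in place after the address is removed. Making the add idempotent keeps the pair symmetric, for example by running `iptables -D FORWARD -i eth0 -o $correctVif -j ACCEPT 2>/dev/null` before each `-A`. The remote commands are newline-separated, so the ssh exit status reflects only the last one (`arping` here) and a failed iptables call is not reported to the caller. Both function bodies continue outside their hunks, so any handling of the result there is not visible.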
@@ -92,6 +94,8 @@ del_nat_entry() {
 local mask=$(echo $2 | awk -F'/' '{print $2}')
 [ "$mask" == "" ] && mask="32"
 ssh -p 3922 -o StrictHostKeyChecking=no -i $cert root@$dRIp "\
+ iptables -D FORWARD -i $correctVif -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
+ iptables -D FORWARD -i eth0 -o $correctVif -j ACCEPT
 iptables -t nat -D POSTROUTING -j SNAT -o $correctVif --to-source $ipNoMask;
 ip addr del dev $correctVif "$ipNoMask/$mask"
 "
@@ -143,6 +147,8 @@ remove_an_ip () {
 ip addr del dev $correctVif \$replaceIpMask;
 replaceIp=\`echo \$replaceIpMask | awk -F/ '{print \$1}'\`;
 ip addr add dev $correctVif \$replaceIp/$existingMask;
+ iptables -t nat -D POSTROUTING -j SNAT -o $correctVif --to-source $ipNoMask ;
+ iptables -t nat -A POSTROUTING -j SNAT -o $correctVif --to-source \$replaceIp ;
 fi
 "
 result=$?
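Review bot: In the remove_an_ip hunk the old SNAT rule is deleted before the replacement is added, so for a moment traffic leaving `$correctVif` has no SNAT rule and may go out with its internal source address. The replacement also uses `-A` where add_nat_entry uses `-I`, so it may end up behind another POSTROUTING rule that matches first. Installing the new rule first, with the same verb, avoids both: put `iptables -t nat -I POSTROUTING -j SNAT -o $correctVif --to-source \$replaceIp ;` ahead of the `-D` line. `$ipNoMask` is expanded on the calling host and is declared `local` in add_nat_entry, so remove_an_ip needs its own assignment, which is outside this hunk; if it is empty, the `-D` fails and the stale rule stays. The function starts before the hunk, so that assignment should be confirmed there.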