bug 7380: SNAT rules when there are multiple public interfaces

Chiradeep Vittal 2011-01-13 15:49:15 -08:00
parent b046869011
commit 8ba1b2d33a
2 changed files with 7 additions and 0 deletions


@ -1377,6 +1377,7 @@ public abstract class CitrixResourceBase implements ServerResource {
args += " -l "; args += " -l ";
args += publicIpAddress + "/" + cidrSize; args += publicIpAddress + "/" + cidrSize;
} else if (firstIP) { } else if (firstIP) {
args += " -f";
args += " -l "; args += " -l ";
args += publicIpAddress + "/" + cidrSize; args += publicIpAddress + "/" + cidrSize;
} else { } else {
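Review bot: The `-f` flag added in the `else if (firstIP)` branch has no comment, and nothing in this hunk shows what the receiving script does with it. A one-line comment above it would help, for example `// -f: first IP on this public interface; presumably tells the script to install the per-interface SNAT/FORWARD rules`, reworded to match the script's option handling, which is not visible here. Separately, `args` is assembled by concatenating `publicIpAddress` and `cidrSize`; if this string ends up on a command line run as root, as the script hunks in this commit suggest, both values should be validated as an address and a prefix length before they are appended. The enclosing method starts and ends outside the hunk.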


@ -73,6 +73,8 @@ add_nat_entry() {
local ipNoMask=$(echo $2 | awk -F'/' '{print $1}') local ipNoMask=$(echo $2 | awk -F'/' '{print $1}')
ssh -p 3922 -o StrictHostKeyChecking=no -i $cert root@$dRIp "\ ssh -p 3922 -o StrictHostKeyChecking=no -i $cert root@$dRIp "\
ip addr add dev $correctVif $pubIp ip addr add dev $correctVif $pubIp
iptables -A FORWARD -i $correctVif -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i eth0 -o $correctVif -j ACCEPT
iptables -t nat -I POSTROUTING -j SNAT -o $correctVif --to-source $ipNoMask ; iptables -t nat -I POSTROUTING -j SNAT -o $correctVif --to-source $ipNoMask ;
arping -c 3 -I $correctVif -A -U -s $ipNoMask $ipNoMask; arping -c 3 -I $correctVif -A -U -s $ipNoMask $ipNoMask;
" "
@ -92,6 +94,8 @@ del_nat_entry() {
local mask=$(echo $2 | awk -F'/' '{print $2}') local mask=$(echo $2 | awk -F'/' '{print $2}')
[ "$mask" == "" ] && mask="32" [ "$mask" == "" ] && mask="32"
ssh -p 3922 -o StrictHostKeyChecking=no -i $cert root@$dRIp "\ ssh -p 3922 -o StrictHostKeyChecking=no -i $cert root@$dRIp "\
iptables -D FORWARD -i $correctVif -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -D FORWARD -i eth0 -o $correctVif -j ACCEPT
iptables -t nat -D POSTROUTING -j SNAT -o $correctVif --to-source $ipNoMask; iptables -t nat -D POSTROUTING -j SNAT -o $correctVif --to-source $ipNoMask;
ip addr del dev $correctVif "$ipNoMask/$mask" ip addr del dev $correctVif "$ipNoMask/$mask"
" "
@ -143,6 +147,8 @@ remove_an_ip () {
ip addr del dev $correctVif \$replaceIpMask; ip addr del dev $correctVif \$replaceIpMask;
replaceIp=\`echo \$replaceIpMask | awk -F/ '{print \$1}'\`; replaceIp=\`echo \$replaceIpMask | awk -F/ '{print \$1}'\`;
ip addr add dev $correctVif \$replaceIp/$existingMask; ip addr add dev $correctVif \$replaceIp/$existingMask;
iptables -t nat -D POSTROUTING -j SNAT -o $correctVif --to-source $ipNoMask ;
iptables -t nat -A POSTROUTING -j SNAT -o $correctVif --to-source \$replaceIp ;
fi fi
" "
result=$? result=$?
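Review bot: In the remove_an_ip hunk the two added iptables commands are now the last statements inside the remote `if`, so `result=$?` (presumably the exit status of the ssh started above the hunk) reflects the final `iptables -t nat -A POSTROUTING` and no longer the `ip addr add` before it; a failed address swap or a failed `-D` is reported as success. Joining the three steps with `&&` instead of `;` would keep the first failure visible, e.g. `ip addr add dev $correctVif \$replaceIp/$existingMask && iptables -t nat -D POSTROUTING ... && iptables -t nat -A POSTROUTING ... ;`. The `-D` line also uses `$ipNoMask` unescaped, so it is expanded locally before ssh runs, while `\$replaceIp` is expanded remotely; add_nat_entry declares `ipNoMask` as `local`, so remove_an_ip needs its own assignment, which is outside the hunk and worth confirming. The replacement rule is appended with `-A` whereas add_nat_entry uses `-I`, so the two paths can leave the SNAT rule at different positions in POSTROUTING.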