From 82d94a87c56e1414d155271cff2481175640bc20 Mon Sep 17 00:00:00 2001
From: Dennis Konrad
Date: Thu, 30 Jan 2020 11:31:30 +0100
Subject: [PATCH] Fix Policy Based Routing for private gateway static routes (#3604)

* Fix for routing table issue with NAT interfaces
* Mark only packets with the public ip as destination
---
 systemvm/debian/opt/cloud/bin/configure.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/systemvm/debian/opt/cloud/bin/configure.py b/systemvm/debian/opt/cloud/bin/configure.py
index cd0ef350ecb..8ce18d49e32 100755
--- a/systemvm/debian/opt/cloud/bin/configure.py
+++ b/systemvm/debian/opt/cloud/bin/configure.py
@@ -941,11 +941,11 @@ class CsForwardingRules(CsDataBag):
 raise Exception("Ip address %s has no device in the ips databag" % rule["public_ip"])
 self.fw.append(["mangle", "front",
- "-A PREROUTING -s %s/32 -m state --state NEW -j CONNMARK --save-mark --nfmask 0xffffffff --ctmask 0xffffffff" %
- rule["internal_ip"]])
+ "-A PREROUTING -d %s/32 -m state --state NEW -j CONNMARK --save-mark --nfmask 0xffffffff --ctmask 0xffffffff" %
+ rule["public_ip"]])
 self.fw.append(["mangle", "front",
- "-A PREROUTING -s %s/32 -m state --state NEW -j MARK --set-xmark %s/0xffffffff" %
- (rule["internal_ip"], hex(100 + int(device[len("eth"):])))])
+ "-A PREROUTING -d %s/32 -m state --state NEW -j MARK --set-xmark %s/0xffffffff" %
+ (rule["public_ip"], hex(100 + int(device[len("eth"):])))])
 self.fw.append(["nat", "front",
 "-A PREROUTING -d %s/32 -j DNAT --to-destination %s" % (rule["public_ip"], rule["internal_ip"])])
 self.fw.append(["nat", "front",
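Review bot: `rule["public_ip"]` is formatted straight into the two new mangle rule strings (and into the DNAT rule in the context lines) with no check that it is a single IPv4 address, so a malformed databag value would put extra tokens into the iptables arguments; whether the databag is validated before it reaches this method is not visible here. A cheap guard ahead of the first `self.fw.append` would be `socket.inet_pton(socket.AF_INET, rule["public_ip"])`, and the same for `rule["internal_ip"]`, letting the exception stop the rule from being built (this needs `import socket` if the file does not already have it). Because the match now keys on the destination only, a comment such as `# mark NEW inbound connections to the static-NAT public IP; traffic sourced from internal_ip is no longer marked here` would record the behaviour change for the next reader. The enclosing method starts before the hunk and continues past its last line.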