Fixing the communication with VM via Public IP

- Pub IP port forwarding and static NAT fixed for single VPCs - Pub IP port forwarding fixed for redundant VPCs [wip] fix static NAT for redundant VPCs This closes #150
2025-11-03 04:12:31 +01:00 · 2015-04-08 15:46:32 +02:00 · 2015-04-08 15:46:32 +02:00 · cb2b9e870b
commit cb2b9e870b
parent aada8fe1d5
3 changed files with 35 additions and 18 deletions
--- a/systemvm/patches/debian/config/opt/cloud/bin/configure.py
+++ b/systemvm/patches/debian/config/opt/cloud/bin/configure.py
@ -414,7 +414,7 @@ class CsSite2SiteVpn(CsDataBag):
            self.deletevpn(ip)

    def deletevpn(self, ip):
-        logging.info("Removinf VPN configuration for %s", ip)
+        logging.info("Removing VPN configuration for %s", ip)
        CsHelper.execute("ipsec auto --down vpn-%s" % ip)
        CsHelper.execute("ipsec auto --delete vpn-%s" % ip)
        vpnconffile = "%s/ipsec.vpn-%s.conf" % (self.VPNCONFDIR, ip)
@ -586,15 +586,36 @@ class CsForwardingRules(CsDataBag):
        self.fw.append(["nat", "", fw6])

    def forward_vpc(self, rule):
-        fwrule = "-A PREROUTING -d %s/32" % rule["public_ip"]
+        fw_prerout_rule = "-A PREROUTING -d %s/32 -i %s" % (rule["public_ip"], self.getDeviceByIp(rule['public_ip']))
        if not rule["protocol"] == "any":
-            fwrule += " -m %s -p %s" % (rule["protocol"], rule["protocol"])
+            fw_prerout_rule += " -m %s -p %s" % (rule["protocol"], rule["protocol"])
        if not rule["public_ports"] == "any":
-            fwrule += " --dport %s" % self.portsToString(rule["public_ports"], ":")
-        fwrule += " -j DNAT --to-destination %s" % rule["internal_ip"]
+            fw_prerout_rule += " --dport %s" % self.portsToString(rule["public_ports"], ":")
+        fw_prerout_rule += " -j DNAT --to-destination %s" % rule["internal_ip"]
        if not rule["internal_ports"] == "any":
-            fwrule += ":" + self.portsToString(rule["internal_ports"], "-")
-        self.fw.append(["nat", "", fwrule])
+            fw_prerout_rule += ":" + self.portsToString(rule["internal_ports"], "-")
+        
+        fw_postrout_rule = "-A POSTROUTING -d %s/32 " % rule["public_ip"]
+        if not rule["protocol"] == "any":
+            fw_postrout_rule += " -m %s -p %s" % (rule["protocol"], rule["protocol"])
+        if not rule["public_ports"] == "any":
+            fw_postrout_rule += " --dport %s" % self.portsToString(rule["public_ports"], ":")
+        fw_postrout_rule += " -j SNAT --to-source %s" % rule["internal_ip"]
+        if not rule["internal_ports"] == "any":
+            fw_postrout_rule += ":" + self.portsToString(rule["internal_ports"], "-")
+        
+        fw_output_rule = "-A OUTPUT -d %s/32" % rule["public_ip"]
+        if not rule["protocol"] == "any":
+            fw_output_rule += " -m %s -p %s" % (rule["protocol"], rule["protocol"])
+        if not rule["public_ports"] == "any":
+            fw_output_rule += " --dport %s" % self.portsToString(rule["public_ports"], ":")
+        fw_output_rule += " -j DNAT --to-destination %s" % rule["internal_ip"]
+        if not rule["internal_ports"] == "any":
+            fw_output_rule += ":" + self.portsToString(rule["internal_ports"], "-")
+        
+        self.fw.append(["nat", "", fw_prerout_rule])
+        self.fw.append(["nat", "", fw_postrout_rule])
+        self.fw.append(["nat", "", fw_output_rule])

    def processStaticNatRule(self, rule):
        # FIXME this needs ordering with the VPN no nat rule
@ -605,6 +626,8 @@ class CsForwardingRules(CsDataBag):
                        "-A PREROUTING -d %s/32 -j DNAT --to-destination %s" % (rule["public_ip"], rule["internal_ip"])])
        self.fw.append(["nat", "front",
                        "-A POSTROUTING -o %s -s %s/32 -j SNAT --to-source %s" % (device, rule["internal_ip"], rule["public_ip"])])
+        self.fw.append(["nat", "front",
+                        "-A OUTPUT -d %s/32 -j DNAT --to-destination %s" % (rule["public_ip"], rule["internal_ip"])])


 def main(argv):
--- a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py
+++ b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py
@ -129,10 +129,11 @@ class CsInterface:
        if self.config.is_vpc():
            return self.get_attr("gateway")
        else:
-            if self.config.cmdline().is_redundant():
-                return self.config.cmdline().get_guest_gw()
-            else:
-                return self.get_ip()
+            return self.config.cmdline().get_guest_gw()
+#             if self.config.cmdline().is_redundant():
+#                 return self.config.cmdline().get_guest_gw()
+#             else:
+#                 return self.get_ip()

    def ip_in_subnet(self, ip):
        ipo = IPAddress(ip)
--- a/systemvm/patches/debian/config/opt/cloud/templates/keepalived.conf.templ
+++ b/systemvm/patches/debian/config/opt/cloud/templates/keepalived.conf.templ
@ -19,12 +19,6 @@ global_defs {
   router_id [ROUTER_ID]
 }

-!vrrp_script check_bumpup {
-    !script "[RROUTER_BIN_PATH]/check_bumpup.sh"
-    !interval 5
-    !weight [DELTA]
-!}
-
 vrrp_script heartbeat {
    script "[RROUTER_BIN_PATH]/heartbeat.sh"
    interval 10
@ -48,7 +42,6 @@ vrrp_instance inside_network {
    }

    track_script {
-        !check_bumpup
        heartbeat
    }