Return-Path: X-Original-To: apmail-cloudstack-commits-archive@www.apache.org Delivered-To: apmail-cloudstack-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 53ECA17463 for ; Wed, 20 May 2015 11:07:24 +0000 (UTC) Received: (qmail 93575 invoked by uid 500); 20 May 2015 11:07:24 -0000 Delivered-To: apmail-cloudstack-commits-archive@cloudstack.apache.org Received: (qmail 93543 invoked by uid 500); 20 May 2015 11:07:24 -0000 Mailing-List: contact commits-help@cloudstack.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cloudstack.apache.org Delivered-To: mailing list commits@cloudstack.apache.org Received: (qmail 93529 invoked by uid 99); 20 May 2015 11:07:24 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 20 May 2015 11:07:24 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id 0F745DFBCA; Wed, 20 May 2015 11:07:24 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit 
From: ekho@apache.org To: commits@cloudstack.apache.org Date: Wed, 20 May 2015 11:07:24 -0000 Message-Id: X-Mailer: ASF-Git Admin Mailer Subject: [1/2] git commit: updated refs/heads/master to c78f58e Repository: cloudstack Updated Branches: refs/heads/master ab7473eea -> c78f58e54 Allow forward to fix port forwarding rules Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/ab915b6c Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/ab915b6c Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/ab915b6c Branch: refs/heads/master Commit: ab915b6c921452fa7999c1f882add4ea3a82419a Parents: dacdf97 Author: Ian Southam Authored: Tue May 19 12:54:38 2015 +0000 Committer: Ian Southam Committed: Tue May 19 12:54:38 2015 +0000 ---------------------------------------------------------------------- .../debian/config/opt/cloud/bin/configure.py | 33 ++++++++++++++------ 1 file changed, 24 insertions(+), 9 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/ab915b6c/systemvm/patches/debian/config/opt/cloud/bin/configure.py ----------------------------------------------------------------------
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/configure.py b/systemvm/patches/debian/config/opt/cloud/bin/configure.py
index 799e279..c0b2ad5 100755
--- a/systemvm/patches/debian/config/opt/cloud/bin/configure.py
+++ b/systemvm/patches/debian/config/opt/cloud/bin/configure.py
@@ -529,7 +529,8 @@ class CsForwardingRules(CsDataBag):

 def forward_vr(self, rule):
 fw1 = "-A PREROUTING -d %s/32 -i %s -p %s -m %s --dport %s -j DNAT --to-destination %s:%s" % \
- ( rule['public_ip'],
+ (
+ rule['public_ip'],
 self.getDeviceByIp(rule['public_ip']),
 rule['protocol'],
 rule['protocol'],
@@ -538,7 +539,8 @@ class CsForwardingRules(CsDataBag):
 self.portsToString(rule['internal_ports'], '-')
 )
 fw2 = "-A PREROUTING -d %s/32 -i %s -p %s -m %s --dport %s -j DNAT --to-destination %s:%s" % \
- ( rule['public_ip'],
+ (
+ rule['public_ip'],
 self.getDeviceByIp(rule['internal_ip']),
 rule['protocol'],
 rule['protocol'],
@@ -547,7 +549,8 @@ class CsForwardingRules(CsDataBag):
 self.portsToString(rule['internal_ports'], '-')
 )
 fw3 = "-A OUTPUT -d %s/32 -p %s -m %s --dport %s -j DNAT --to-destination %s:%s" % \
- ( rule['public_ip'],
+ (
+ rule['public_ip'],
 rule['protocol'],
 rule['protocol'],
 self.portsToString(rule['public_ports'], ':'),
@@ -555,35 +558,47 @@ class CsForwardingRules(CsDataBag):
 self.portsToString(rule['internal_ports'], '-')
 )
 fw4 = "-j SNAT --to-source %s -A POSTROUTING -s %s -d %s/32 -o %s -p %s -m %s --dport %s" % \
- ( self.getGatewayByIp(rule['internal_ip']),
+ (
+ self.getGatewayByIp(rule['internal_ip']),
 self.getNetworkByIp(rule['internal_ip']),
 rule['internal_ip'],
 self.getDeviceByIp(rule['internal_ip']),
 rule['protocol'],
 rule['protocol'],
 self.portsToString(rule['internal_ports'], ':')
- )
+ )
 fw5 = "-A PREROUTING -d %s/32 -i %s -p %s -m %s --dport %s -j MARK --set-xmark %s/0xffffffff" % \
- ( rule['public_ip'],
+ (
+ rule['public_ip'],
 self.getDeviceByIp(rule['public_ip']),
 rule['protocol'],
 rule['protocol'],
 self.portsToString(rule['public_ports'], ':'),
 hex(int(self.getDeviceByIp(rule['public_ip'])[3:]))
- )
+ )
 fw6 = "-A PREROUTING -d %s/32 -i %s -p %s -m %s --dport %s -m state --state NEW -j CONNMARK --save-mark --nfmask 0xffffffff --ctmask 0xffffffff" % \
- ( rule['public_ip'],
+ (
+ rule['public_ip'],
 self.getDeviceByIp(rule['public_ip']),
 rule['protocol'],
 rule['protocol'],
 self.portsToString(rule['public_ports'], ':'),
- )
+ )
+ fw7 = "-A FORWARD -i %s -o %s -p %s -m %s --dport %s -m state --state NEW -j ACCEPT" % \
+ (
+ self.getDeviceByIp(rule['public_ip']),
+ self.getDeviceByIp(rule['internal_ip']),
+ rule['protocol'],
+ rule['protocol'],
+ self.portsToString(rule['internal_ports'], ':')
+ )
 self.fw.append(["nat", "", fw1])
 self.fw.append(["nat", "", fw2])
 self.fw.append(["nat", "", fw3])
 self.fw.append(["nat", "", fw4])
 self.fw.append(["nat", "", fw5])
 self.fw.append(["nat", "", fw6])
+ self.fw.append(["", "", fw7])

 def forward_vpc(self, rule):
 fw_prerout_rule = "-A PREROUTING -d %s/32 -i %s" % (rule["public_ip"], self.getDeviceByIp(rule['public_ip']))
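Review bot: The new `fw7` FORWARD rule matches only the in/out interfaces, protocol and port, so on that port it accepts NEW connections from the public device to every address behind the internal device, not just to the port-forward target. Since the DNAT rules earlier in the function rewrite the destination to `rule['internal_ip']`, the ACCEPT can be pinned to that host: `fw7 = "-A FORWARD -i %s -o %s -d %s/32 -p %s -m %s --dport %s -m state --state NEW -j ACCEPT"` with `rule['internal_ip']` passed as the third argument. The append `self.fw.append(["", "", fw7])` leaves the table field empty where the other six use "nat"; presumably that selects the filter table, and a comment such as `# empty table name -> filter table (FORWARD chain)` would make that explicit. `forward_vr` starts above this hunk, and the hunk ends inside `forward_vpc`.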