Merge "Fixes snat rules in complex networking configs" into stable/essex

2013-03-20 00:00:28 +00:00 · 2013-03-20 00:00:28 +00:00 · 1ee892bb37
parent efaacdaee1 3bf5a586de
commit 1ee892bb37
2 changed files with 20 additions and 14 deletions
--- a/nova/network/l3.py
+++ b/nova/network/l3.py
@ -103,11 +103,13 @@ class LinuxNetL3(L3Driver):

    def add_floating_ip(self, floating_ip, fixed_ip, l3_interface_id):
        linux_net.bind_floating_ip(floating_ip, l3_interface_id)
-        linux_net.ensure_floating_forward(floating_ip, fixed_ip)
+        linux_net.ensure_floating_forward(floating_ip, fixed_ip,
+                                          l3_interface_id)

    def remove_floating_ip(self, floating_ip, fixed_ip, l3_interface_id):
        linux_net.unbind_floating_ip(floating_ip, l3_interface_id)
-        linux_net.remove_floating_forward(floating_ip, fixed_ip)
+        linux_net.remove_floating_forward(floating_ip, fixed_ip,
+                                          l3_interface_id)

    def add_vpn(self, public_ip, port, private_ip):
        linux_net.ensure_vpn_forward(public_ip, port, private_ip)
--- a/nova/network/linux_net.py
+++ b/nova/network/linux_net.py
@ -425,11 +425,13 @@ def metadata_accept():


 def add_snat_rule(ip_range):
-    iptables_manager.ipv4['nat'].add_rule('snat',
-                                          '-s %s -j SNAT --to-source %s' %
-                                           (ip_range,
-                                            FLAGS.routing_source_ip))
-    iptables_manager.apply()
+    if FLAGS.routing_source_ip:
+        rule = '-s %s -j SNAT --to-source %s' % (ip_range,
+                                                 FLAGS.routing_source_ip)
+        if FLAGS.public_interface:
+            rule += ' -o %s' % FLAGS.public_interface
+        iptables_manager.ipv4['nat'].add_rule('snat', rule)
+        iptables_manager.apply()


 def init_host(ip_range=None):
@ -499,25 +501,27 @@ def ensure_vpn_forward(public_ip, port, private_ip):
    iptables_manager.apply()


-def ensure_floating_forward(floating_ip, fixed_ip):
+def ensure_floating_forward(floating_ip, fixed_ip, device):
    """Ensure floating ip forwarding rule."""
-    for chain, rule in floating_forward_rules(floating_ip, fixed_ip):
+    for chain, rule in floating_forward_rules(floating_ip, fixed_ip, device):
        iptables_manager.ipv4['nat'].add_rule(chain, rule)
    iptables_manager.apply()


-def remove_floating_forward(floating_ip, fixed_ip):
+def remove_floating_forward(floating_ip, fixed_ip, device):
    """Remove forwarding for floating ip."""
-    for chain, rule in floating_forward_rules(floating_ip, fixed_ip):
+    for chain, rule in floating_forward_rules(floating_ip, fixed_ip, device):
        iptables_manager.ipv4['nat'].remove_rule(chain, rule)
    iptables_manager.apply()


-def floating_forward_rules(floating_ip, fixed_ip):
+def floating_forward_rules(floating_ip, fixed_ip, device):
+    rule = '-s %s -j SNAT --to %s' % (fixed_ip, floating_ip)
+    if device:
+        rule += ' -o %s' % device
    return [('PREROUTING', '-d %s -j DNAT --to %s' % (floating_ip, fixed_ip)),
            ('OUTPUT', '-d %s -j DNAT --to %s' % (floating_ip, fixed_ip)),
-            ('float-snat',
-             '-s %s -j SNAT --to %s' % (fixed_ip, floating_ip))]
+            ('float-snat', rule)]


 def initialize_gateway_device(dev, network_ref):