Fix public network routing from slaves

Since we assign the public gateway address on the master node, all public
traffic goes through it. Unfortunately, it doesn't reach its destination
due to a rejecting rule in the FORWARD chain:

    ACCEPT              all  --  10.20.0.0/24         anywhere
    ACCEPT              all  --  anywhere             anywhere
    REJECT              all  --  anywhere             anywhere
    ext-filter-forward  all  --  anywhere             anywhere

The commit fixes that problem by inserting (-I), not appending (-A), the
ext-filter-forward entry. In that case that rule will have higher
priority and won't break routing.

    ACCEPT              all  --  10.20.0.0/24         anywhere
    ACCEPT              all  --  anywhere             anywhere
    ext-filter-forward  all  --  anywhere             anywhere
    REJECT              all  --  anywhere             anywhere

Change-Id: I7887f08a175fa0ce06654dc1fc18ab412cb296f5
Closes-Bug: #1566968
(cherry picked from commit 80e86854be)
Igor Kalnitsky 2016-04-05 18:43:02 +03:00 committed by Maksim Malchuk
parent 3b40e0c284
commit 9373c6e955
1 changed files with 1 additions and 1 deletions

@ -234,7 +234,7 @@ enable_outbound_network_for_product_vm() {
expect "$prompt"
send "/sbin/iptables -t nat -A POSTROUTING -j ext-nat-postrouting\r"
expect "$prompt"
send "/sbin/iptables -t filter -A FORWARD -j ext-filter-forward\r"
send "/sbin/iptables -t filter -I FORWARD -j ext-filter-forward\r"
expect "$prompt"
send "service iptables save &>/dev/null\r"
expect "$prompt"
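
Review bot: the added `-I FORWARD -j ext-filter-forward` line gives no rule number, so iptables inserts the jump at position 1 of the chain, ahead of both ACCEPT rules, not directly above REJECT as the second listing in the commit message shows. The jump still lands before REJECT, so the routing fix holds, but ext-filter-forward is now evaluated before the existing ACCEPT entries. If the placement just above REJECT is what is intended, pass an explicit rule number after FORWARD; otherwise correct the listing in the message so it matches the order `iptables -L FORWARD` will actually report.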