Fix public network routing from slaves
Since we assign the public gateway address on the master node, all public
traffic goes through it. Unfortunately, it doesn't reach its destination due
to the rejecting rule in the FORWARD chain:
    ACCEPT all -- 10.20.0.0/24 anywhere
    ACCEPT all -- anywhere anywhere
    REJECT all -- anywhere anywhere
    ext-filter-forward all -- anywhere anywhere
The commit fixes that problem by inserting (-I), not appending (-A), the
ext-filter-forward entry. In that case that rule will have higher
priority and won't break routing.
    ACCEPT all -- 10.20.0.0/24 anywhere
    ACCEPT all -- anywhere anywhere
    ext-filter-forward all -- anywhere anywhere
    REJECT all -- anywhere anywhere
Change-Id: I7887f08a175fa0ce06654dc1fc18ab412cb296f5
Closes-Bug: #1566968
(cherry picked from commit 80e86854be)
parent 3b40e0c284
commit 9373c6e955
@ -234,7 +234,7 @@ enable_outbound_network_for_product_vm() {
expect "$prompt"
send "/sbin/iptables -t nat -A POSTROUTING -j ext-nat-postrouting\r"
expect "$prompt"
send "/sbin/iptables -t filter -A FORWARD -j ext-filter-forward\r"
send "/sbin/iptables -t filter -I FORWARD -j ext-filter-forward\r"
expect "$prompt"
send "service iptables save &>/dev/null\r"
expect "$prompt"
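Review bot: `-I FORWARD` is given without a rule number in the changed `send "/sbin/iptables -t filter -I FORWARD -j ext-filter-forward\r"` line, so the jump is inserted at position 1 of the chain, not directly above the REJECT rule as the second listing in the commit message shows. If the jump is meant to sit after the two ACCEPT rules, pass an explicit rule number; if top of chain is intended, say so in the commit message or a comment, because ext-filter-forward will then see all forwarded traffic before the ACCEPT rules do. The insert is also not idempotent: if this function runs again against a master whose rules were already persisted by the `service iptables save` line that follows, a second identical jump is added, so consider guarding it with an `iptables -C FORWARD -j ext-filter-forward` check first.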