FORWARD rules for public network

CentOS7 comes with a pre-defined REJECT rule in the FORWARD chain
that doesn't allow access to external networks from the public
network.

When deploying the ISO with VirtualBox scripts, slave nodes are trying
to connect to external networks via the public net, with the default
gateway on the master node. However, they can't establish a connection
because there is no explicit rule in the FORWARD chain to allow it,
so they are rejected.

This commit adds rules to allow connections to external networks in
that use case.

Compatible with CentOS6 & CentOS7 master node.

Blueprint: master-on-centos7

Change-Id: I5b61ae6e7562ea5b446809027c487acc11119889
Dmitry Teselkin 2015-12-02 02:36:41 +03:00
parent 9fa54b7e28
commit c5cbe939d6
1 changed files with 4 additions and 0 deletions

@ -209,6 +209,10 @@ enable_outbound_network_for_product_vm() {
expect "$prompt"
send "/sbin/iptables -t nat -A POSTROUTING -s $master_pub_net/24 \! -d $master_pub_net/24 -j MASQUERADE\r"
expect "$prompt"
send "/sbin/iptables -I FORWARD 1 --dst $master_pub_net/24 -j ACCEPT\r"
expect "$prompt"
send "/sbin/iptables -I FORWARD 1 --src $master_pub_net/24 -j ACCEPT\r"
expect "$prompt"
send "service iptables save >/dev/null 2>&1\r"
expect "$prompt"
send "dockerctl restart cobbler >/dev/null 2>&1\r"
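
Review bot: the two inserted FORWARD rules match on address alone, so `--dst $master_pub_net/24 -j ACCEPT` accepts any forwarded packet addressed to the public network, not only replies to connections the slave nodes opened. The commit message describes the need as outbound access from the public net, so consider keeping the `--src` rule as is and limiting the `--dst` rule to return traffic with `-m state --state RELATED,ESTABLISHED`, which works on both CentOS6 and CentOS7. Separately, both rules use `-I FORWARD 1` and are followed by `service iptables save`, so every run of enable_outbound_network_for_product_vm inserts and persists another copy of each rule; a guard against duplicates would keep the saved ruleset stable.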