FORWARD rules for public network
CentOS7 comes with pre-defined REJECT rule in FORWARD chain that doesn't allow to access external networks from public network. When deploying ISO with virtualbox scripts slave nodes are trying to connect to external networks via public net, with default gateway on master node. However, they can't establish a connection because there is no explicit rule in FORWARD chain to allow it, so they are rejected. This commit adds rules to allow connection to ext networks in that usecase. Compatible with CentOS6 & CentOS7 master node. Blueprint: master-on-centos7 Change-Id: I5b61ae6e7562ea5b446809027c487acc11119889
This commit is contained in:
parent
9fa54b7e28
commit
c5cbe939d6
|
@ -209,6 +209,10 @@ enable_outbound_network_for_product_vm() {
|
|||
expect "$prompt"
|
||||
send "/sbin/iptables -t nat -A POSTROUTING -s $master_pub_net/24 \! -d $master_pub_net/24 -j MASQUERADE\r"
|
||||
expect "$prompt"
|
||||
send "/sbin/iptables -I FORWARD 1 --dst $master_pub_net/24 -j ACCEPT\r"
|
||||
expect "$prompt"
|
||||
send "/sbin/iptables -I FORWARD 1 --src $master_pub_net/24 -j ACCEPT\r"
|
||||
expect "$prompt"
|
||||
send "service iptables save >/dev/null 2>&1\r"
|
||||
expect "$prompt"
|
||||
send "dockerctl restart cobbler >/dev/null 2>&1\r"
|
||||
|
|
Loading…
Reference in New Issue