Merge pull request #102 from ryanpetrello/master
Adjust the v4 NAT to masquerade on every interface other than mgt.
commit
7638e20292
|
@ -110,6 +110,14 @@ class IPTablesManager(base.Manager):
|
||||||
'''
|
'''
|
||||||
return self.networks_by_type(config, Network.TYPE_EXTERNAL)[0]
|
return self.networks_by_type(config, Network.TYPE_EXTERNAL)[0]
|
||||||
|
|
||||||
|
def get_management_network(self, config):
|
||||||
|
'''
|
||||||
|
Returns the management network
|
||||||
|
|
||||||
|
:rtype: akanda.router.models.Interface
|
||||||
|
'''
|
||||||
|
return self.networks_by_type(config, Network.TYPE_MANAGEMENT)[0]
|
||||||
|
|
||||||
def networks_by_type(self, config, type):
|
def networks_by_type(self, config, type):
|
||||||
'''
|
'''
|
||||||
Returns the external network
|
Returns the external network
|
||||||
|
@ -251,7 +259,6 @@ class IPTablesManager(base.Manager):
|
||||||
|
|
||||||
def _build_v4_nat(self, config):
|
def _build_v4_nat(self, config):
|
||||||
rules = []
|
rules = []
|
||||||
ext_if = self.get_external_network(config).interface
|
|
||||||
|
|
||||||
for network in self.networks_by_type(config, Network.TYPE_INTERNAL):
|
for network in self.networks_by_type(config, Network.TYPE_INTERNAL):
|
||||||
if network.interface.first_v4:
|
if network.interface.first_v4:
|
||||||
|
@ -270,8 +277,9 @@ class IPTablesManager(base.Manager):
|
||||||
))
|
))
|
||||||
|
|
||||||
# Add a masquerade catch-all for VMs without floating IPs
|
# Add a masquerade catch-all for VMs without floating IPs
|
||||||
|
mgt_if = self.get_management_network(config).interface
|
||||||
rules.append(Rule(
|
rules.append(Rule(
|
||||||
'-A POSTROUTING -o %s -j MASQUERADE' % ext_if.ifname,
|
'-A POSTROUTING ! -o %s -j MASQUERADE' % mgt_if.ifname,
|
||||||
ip_version=4
|
ip_version=4
|
||||||
))
|
))
|
||||||
|
|
||||||
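Review bot: The negated match in the catch-all rule, `'-A POSTROUTING ! -o %s -j MASQUERADE' % mgt_if.ifname`, source-NATs traffic leaving every non-management interface, internal ones included, where the old `-o ext_if` rule covered only the external one. Unless an earlier POSTROUTING rule outside this hunk matches first, connections DNATed in from the external side would reach instances with the router's address as their source, so instance-side logs and source-based ACLs lose the real client address, and any interface added later is NATed by default. If that is intended (the comment above the rule still says only "VMs without floating IPs"), record it there, e.g. `# Masquerade on every interface except management, internal ones included`; otherwise narrow the rule to the internal source ranges with `-s`. `_build_v4_nat` continues outside the visible hunks, so whether `ext_if` is still referenced after its assignment was removed cannot be checked from here. The new `get_management_network` docstring also gives `:rtype: akanda.router.models.Interface` although the caller reads `.interface` from the returned object.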
|
|
|
@ -85,7 +85,7 @@ V4_OUTPUT = [
|
||||||
'-A PREROUTING -i eth1 -d 172.16.77.50 -j DNAT --to-destination 192.168.0.2', # noqa
|
'-A PREROUTING -i eth1 -d 172.16.77.50 -j DNAT --to-destination 192.168.0.2', # noqa
|
||||||
'-A PREROUTING -i eth2 -d 172.16.77.50 -j DNAT --to-destination 192.168.0.2', # noqa
|
'-A PREROUTING -i eth2 -d 172.16.77.50 -j DNAT --to-destination 192.168.0.2', # noqa
|
||||||
'-A PREROUTING -i eth2 -d 169.254.169.254 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.1:9602', # noqa
|
'-A PREROUTING -i eth2 -d 169.254.169.254 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.1:9602', # noqa
|
||||||
'-A POSTROUTING -o eth1 -j MASQUERADE',
|
'-A POSTROUTING ! -o eth0 -j MASQUERADE',
|
||||||
'COMMIT',
|
'COMMIT',
|
||||||
'*raw',
|
'*raw',
|
||||||
':INPUT - [0:0]',
|
':INPUT - [0:0]',
|
||||||
|
|