CS-16254:

passwd_server listens on every interface, but only the guest interface is enabled for that port

reviewed-by: kelven
Anthony Xu 2012-08-31 17:31:02 -07:00
parent 0693aac774
commit 2972cdec90
4 changed files with 9 additions and 5 deletions


@ -540,7 +540,8 @@ setup_router() {
fi
fi
sudo iptables -A INPUT -i eth0 -p tcp -m state --state NEW --dport 8080 -j ACCEPT
sudo iptables -A INPUT -i eth0 -p tcp -m state --state NEW --dport 80 -j ACCEPT
setup_dnsmasq
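Review bot: The two eth0 ACCEPT rules for ports 8080 and 80 are appended with `-A` and no preceding `-D`, unlike the matching rules in create_guest_network in this same commit, which delete before appending; if setup_router can run more than once on a live router, duplicate entries accumulate in INPUT. Which of the visible lines are the added ones is not recoverable from this rendering, so this assumes the two iptables lines are the new ones. Consider mirroring the delete-then-append pattern, e.g. `sudo iptables -D INPUT -i eth0 -p tcp -m state --state NEW --dport 8080 -j ACCEPT` immediately before the corresponding `-A`, and likewise for port 80. setup_router starts outside the hunk.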


@ -17,8 +17,6 @@ COMMIT
-A INPUT -i eth0 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i eth1 -p tcp -m state --state NEW --dport 3922 -j ACCEPT
-A INPUT -i eth0 -p tcp -m state --state NEW --dport 8080 -j ACCEPT
-A INPUT -i eth0 -p tcp -m state --state NEW --dport 80 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o eth2 -j ACCEPT
-A FORWARD -i eth2 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT


@ -1,11 +1,10 @@
#!/bin/bash
. /etc/default/cloud-passwd-srvr
#guestIp=$(ifconfig eth0 | grep 'inet addr:' | cut -d: -f2 | awk '{ print $1}')
while [ "$ENABLED" == "1" ]
do
socat -lf /var/log/cloud.log TCP4-LISTEN:8080,reuseaddr,crnl,bindtodevice=eth0 SYSTEM:"/opt/cloud/bin/serve_password.sh \"\$SOCAT_PEERADDR\""
socat -lf /var/log/cloud.log TCP4-LISTEN:8080,reuseaddr,crnl,bind=0.0.0.0 SYSTEM:"/opt/cloud/bin/serve_password.sh \"\$SOCAT_PEERADDR\""
rc=$?
if [ $rc -ne 0 ]
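Review bot: Switching the listener from `bindtodevice=eth0` to `bind=0.0.0.0` means socat now accepts connections arriving on any interface, so confining the password service to guest networks depends entirely on the INPUT chain: the per-interface ACCEPT rules for 8080 added in create_guest_network and the chain's default policy, neither of which is visible from this file. If that default policy is not DROP, the service becomes reachable from non-guest interfaces. That dependency is worth recording above the socat line: `# listens on all interfaces; reachability is limited to guest interfaces by the INPUT ACCEPT rules for 8080 (create_guest_network) and the INPUT default policy`. The while loop around this line continues past the hunk.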


@ -108,6 +108,10 @@ create_guest_network() {
sudo iptables -D INPUT -i $dev -p udp -m udp --dport 53 -j ACCEPT
sudo iptables -A INPUT -i $dev -p udp -m udp --dport 67 -j ACCEPT
sudo iptables -A INPUT -i $dev -p udp -m udp --dport 53 -j ACCEPT
sudo iptables -D INPUT -i $dev -p tcp -m state --state NEW --dport 8080 -j ACCEPT
sudo iptables -D INPUT -i $dev -p tcp -m state --state NEW --dport 80 -j ACCEPT
sudo iptables -A INPUT -i $dev -p tcp -m state --state NEW --dport 8080 -j ACCEPT
sudo iptables -A INPUT -i $dev -p tcp -m state --state NEW --dport 80 -j ACCEPT
# restore mark from connection mark
local tableName="Table_$dev"
sudo ip route add $subnet/$mask dev $dev table $tableName proto static
@ -125,6 +129,8 @@ destroy_guest_network() {
sudo ip addr del dev $dev $ip/$mask
sudo iptables -D INPUT -i $dev -p udp -m udp --dport 67 -j ACCEPT
sudo iptables -D INPUT -i $dev -p udp -m udp --dport 53 -j ACCEPT
sudo iptables -D INPUT -i $dev -p tcp -m state --state NEW --dport 8080 -j ACCEPT
sudo iptables -D INPUT -i $dev -p tcp -m state --state NEW --dport 80 -j ACCEPT
sudo iptables -t mangle -D PREROUTING -i $dev -m state --state ESTABLISHED,RELATED -j CONNMARK --restore-mark
sudo iptables -t nat -A POSTROUTING -s $subnet/$mask -o $dev -j SNAT --to-source $ip
destroy_acl_chain
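Review bot: The new ACCEPT rules for 8080 and 80 in create_guest_network match only on the ingress interface `-i $dev`, so any packet that reaches that interface can hit the password server regardless of its source address; `$subnet` and `$mask` are already in scope here (used on the `ip route add` line), so if guest VMs are the only intended clients the rule can be narrowed to the guest subnet as well: `sudo iptables -A INPUT -i $dev -s $subnet/$mask -p tcp -m state --state NEW --dport 8080 -j ACCEPT`, with the matching `-D` lines here and in destroy_guest_network carrying the same `-s` so they delete the right rule. The `-D` before `-A` prints an error on first creation when there is no existing rule; that mirrors the existing 67/53 handling, so it is a pre-existing style choice rather than a regression. Both functions begin before the hunks shown.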