CLOUDSTACK-9967: Fixed static nat iptables rules order issue on additional public subnet ip (#2154)

2017-08-21 22:34:40 +05:30 · 2017-08-21 22:34:40 +05:30 · 40d7746038
parent 0c6cf69eee
commit 40d7746038
1 changed files with 5 additions and 4 deletions
--- a/systemvm/patches/debian/config/opt/cloud/bin/configure.py
+++ b/systemvm/patches/debian/config/opt/cloud/bin/configure.py
@ -928,12 +928,13 @@ class CsForwardingRules(CsDataBag):
        device = self.getDeviceByIp(rule["public_ip"])
        if device is None:
            raise Exception("Ip address %s has no device in the ips databag" % rule["public_ip"])
+
        self.fw.append(["mangle", "",
-                        "-A PREROUTING -s %s/32 -m state --state NEW -j MARK --set-xmark 0x%s/0xffffffff" % \
-                        (rule["internal_ip"], device[len("eth"):])])
-        self.fw.append(["mangle", "",
-                        "-A PREROUTING -s %s/32 -m state --state NEW -j CONNMARK --save-mark --nfmask 0xffffffff --ctmask 0xffffffff" % \
+                        "-I PREROUTING -s %s/32 -m state --state NEW -j CONNMARK --save-mark --nfmask 0xffffffff --ctmask 0xffffffff" % \
                        rule["internal_ip"]])
+        self.fw.append(["mangle", "",
+                        "-I PREROUTING -s %s/32 -m state --state NEW -j MARK --set-xmark 0x%s/0xffffffff" % \
+                        (rule["internal_ip"], device[len("eth"):])])
        self.fw.append(["nat", "front",
                        "-A PREROUTING -d %s/32 -j DNAT --to-destination %s" % (rule["public_ip"], rule["internal_ip"])])
        self.fw.append(["nat", "front",