etan39
/
cloudstack
mirror of https://github.com/apache/cloudstack.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

CS-16254: 

passwd_server listen on every interface, but only guest interface is enabled for that port
This commit is contained in:
Anthony Xu 2012-09-07 17:10:54 -07:00
parent 33fdcf1047
commit 4a0e645e28
2 changed files with 7 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
patches/systemvm/debian/config/opt/cloud/bin/passwd_server
View File

@ -1,11 +1,10 @@
#!/bin/bash
. /etc/default/cloud-passwd-srvr
guestIp=$(ifconfig eth0 | grep 'inet addr:' | cut -d: -f2 | awk '{ print $1}')
while [ "$ENABLED" == "1" ]
do
socat -lf /var/log/cloud.log TCP4-LISTEN:8080,reuseaddr,crnl,bind=$guestIp SYSTEM:"/opt/cloud/bin/serve_password.sh \"\$SOCAT_PEERADDR\""
socat -lf /var/log/cloud.log TCP4-LISTEN:8080,reuseaddr,crnl,bind=0.0.0.0 SYSTEM:"/opt/cloud/bin/serve_password.sh \"\$SOCAT_PEERADDR\""
rc=$?
if [ $rc -ne 0 ]

6
patches/systemvm/debian/config/opt/cloud/bin/vpc_guestnw.sh
View File

@ -124,6 +124,10 @@ create_guest_network() {
sudo iptables -D INPUT -i $dev -p udp -m udp --dport 53 -j ACCEPT
sudo iptables -A INPUT -i $dev -p udp -m udp --dport 67 -j ACCEPT
sudo iptables -A INPUT -i $dev -p udp -m udp --dport 53 -j ACCEPT
sudo iptables -D INPUT -i $dev -p tcp -m state --state NEW --dport 8080 -j ACCEPT
sudo iptables -D INPUT -i $dev -p tcp -m state --state NEW --dport 80 -j ACCEPT
sudo iptables -A INPUT -i $dev -p tcp -m state --state NEW --dport 8080 -j ACCEPT
sudo iptables -A INPUT -i $dev -p tcp -m state --state NEW --dport 80 -j ACCEPT
# restore mark from connection mark
local tableName="Table_$dev"
sudo ip route add $subnet/$mask dev $dev table $tableName proto static
@ -141,6 +145,8 @@ destroy_guest_network() {
sudo ip addr del dev $dev $ip/$mask
sudo iptables -D INPUT -i $dev -p udp -m udp --dport 67 -j ACCEPT
sudo iptables -D INPUT -i $dev -p udp -m udp --dport 53 -j ACCEPT
sudo iptables -D INPUT -i $dev -p tcp -m state --state NEW --dport 8080 -j ACCEPT
sudo iptables -D INPUT -i $dev -p tcp -m state --state NEW --dport 80 -j ACCEPT
sudo iptables -t mangle -D PREROUTING -i $dev -m state --state ESTABLISHED,RELATED -j CONNMARK --restore-mark
sudo iptables -t nat -A POSTROUTING -s $subnet/$mask -o $dev -j SNAT --to-source $ip
destroy_acl_chain