diff --git a/patches/systemvm/debian/config/opt/cloud/bin/vpc_staticnat.sh b/patches/systemvm/debian/config/opt/cloud/bin/vpc_staticnat.sh
new file mode 100755
index 00000000000..15ecc6c896c
--- /dev/null
+++ b/patches/systemvm/debian/config/opt/cloud/bin/vpc_staticnat.sh
@@ -0,0 +1,107 @@
+#!/usr/bin/env bash
+# Copyright 2012 Citrix Systems, Inc. Licensed under the
+# Apache License, Version 2.0 (the "License"); you may not use this
+# file except in compliance with the License. Citrix Systems, Inc.
+# reserves all rights not expressly granted by the License.
+# You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# Automatically generated by addcopyright.py at 04/03/2012
+# @VERSION@
+
+source /root/func.sh
+source /opt/cloud/bin/vpc_func.sh
+lock="biglock"
+locked=$(getLockFile $lock)
+if [ "$locked" != "1" ]
+then
+ exit 1
+fi
+
+usage() {
+ printf "Usage: %s: (-A|-D) -r -l -d < eth device> \n" $(basename $0) >&2
+}
+
+#set -x
+
+static_nat() {
+ local op=$1
+ local publicIp=$2
+ local instIp=$3
+ local op2="-D"
+ local tableNo=${ethDev:3}
+
+ logger -t cloud "$(basename $0): static nat: public ip=$publicIp \
+ instance ip=$instIp op=$op"
+ #if adding, this might be a duplicate, so delete the old one first
+ [ "$op" == "-A" ] && static_nat "-D" $publicIp $instIp
+ # the delete operation may have errored out but the only possible reason is
+ # that the rules didn't exist in the first place
+ [ "$op" == "-A" ] && rulenum=1
+ [ "$op" == "-A" ] && op2="-I"
+
+ # shortcircuit the process if error and it is an append operation
+ # continue if it is delete
+ (sudo iptables -t nat $op PREROUTING -d $publicIp -j DNAT \
+ --to-destination $instIp &>> $OUTFILE || [ "$op" == "-D" ]) &&
+ # add mark to force the package go out through the eth the public IP is on
+ #(sudo iptables -t mangle $op PREROUTING -s $instIp -j MARK \
+ # --set-mark $tableNo &> $OUTFILE || [ "$op" == "-D" ]) &&
+ (sudo iptables -t nat $op2 POSTROUTING -o $ethDev -s $instIp -j SNAT \
+ --to-source $publicIp &>> $OUTFILE )
+ result=$?
+ logger -t cloud "$(basename $0): done static nat entry public ip=$publicIp op=$op result=$result"
+ if [ "$op" == "-D" ]
+ then
+ return 0
+ fi
+ return $result
+}
+
+
+
+rflag=
+lflag=
+dflag=
+op=""
+while getopts 'ADr:l:' OPTION
+
+do
+ case $OPTION in
+ A) op="-A"
+ ;;
+ D) op="-D"
+ ;;
+ r) rflag=1
+ instanceIp="$OPTARG"
+ ;;
+ l) lflag=1
+ publicIp="$OPTARG"
+ ;;
+ ?) usage
+ unlock_exit 2 $lock $locked
+ ;;
+ esac
+done
+
+ethDev=$(getEthByIp $publicIp)
+result=$?
+if [ $result -gt 0 ]
+then
+ if [ "$op" == "-D" ]
+ then
+ removeRulesForIp $publicIp
+ unlock_exit 0 $lock $locked
+ else
+ unlock_exit $result $lock $locked
+ fi
+fi
+OUTFILE=$(mktemp)
+
+static_nat $op $publicIp $instanceIp
+result=$?
+unlock_exit $result $lock $locked
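Review bot: `publicIp` and `instanceIp` are taken verbatim from `-l`/`-r` and spliced unquoted into `sudo iptables ... -d $publicIp`, `-s $instIp` and `--to-source $publicIp` inside `static_nat`, so a value containing whitespace (e.g. `10.0.0.5 ! -i eth1`) is word-split into extra iptables arguments instead of being rejected, and `rflag`/`lflag` are set in the `getopts` loop but never checked, so a missing option reaches iptables as an empty address. After the `getopts` loop, validate both before anything runs under sudo, for example `[[ "$publicIp" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ && "$instanceIp" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]] || { usage; unlock_exit 2 $lock $locked; }`, and quote the expansions in the iptables calls (`-d "$publicIp"`, `-s "$instIp"`, `--to-source "$publicIp"`). The same unvalidated `$publicIp` is also handed to `removeRulesForIp` on the `-D` fallback path when `getEthByIp` fails. Separately, `OUTFILE=$(mktemp)` is never removed, so every run leaves the iptables error log behind in /tmp; a `trap 'rm -f -- "$OUTFILE"' EXIT` placed right after it would cover the `unlock_exit` paths, assuming `unlock_exit` (defined in the sourced func.sh, not visible here) terminates via `exit`.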