CS-15506 : allow traffic going out domr in FORWARD chain

2012-07-09 18:29:49 -07:00 · 2012-07-09 18:29:49 -07:00 · 5cd6516d21
parent 08b9b3bc5b
commit 5cd6516d21
1 changed files with 4 additions and 0 deletions
--- a/patches/systemvm/debian/config/opt/cloud/bin/vpc_snat.sh
+++ b/patches/systemvm/debian/config/opt/cloud/bin/vpc_snat.sh
@ -15,6 +15,7 @@
 # @VERSION@

 source /root/func.sh
+source /opt/cloud/bin/vpc_func.sh

 lock="biglock"
 locked=$(getLockFile $lock)
@ -31,6 +32,9 @@ usage() {

 add_snat() {
  logger -t cloud "$(basename $0):Added SourceNAT $pubIp on interface $ethDev"
+  vpccidr=$(getVPCcidr)
+  sudo iptables -D FORWARD -s $vpccidr ! -d $vpccidr -j ACCEPT
+  sudo iptables -A FORWARD -s $vpccidr ! -d $vpccidr -j ACCEPT
  sudo iptables -t nat -D POSTROUTING   -j SNAT -o $ethDev --to-source $pubIp
  sudo iptables -t nat -A POSTROUTING   -j SNAT -o $ethDev --to-source $pubIp
  return $?