etan39
/
cloudstack
mirror of https://github.com/apache/cloudstack.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

VPC : fix for connection mark

This commit is contained in:
anthony 2012-06-25 16:28:53 -07:00
parent 84a4a7c1c8
commit 669029b8cd
2 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
patches/systemvm/debian/config/etc/iptables/iptables-vpcrouter
View File

@ -13,6 +13,7 @@ COMMIT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -p tcp -m state --state NEW --dport 3922 -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
*mangle
:PREROUTING ACCEPT [0:0]
@ -20,7 +21,5 @@ COMMIT
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -m state --state ESTABLISHED,RELATED -j CONNMARK --restore-mark
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -p udp --dport bootpc -j CHECKSUM --checksum-fill
COMMIT

3
patches/systemvm/debian/config/opt/cloud/bin/vpc_guestnw.sh
View File

@ -81,7 +81,7 @@ create_guest_network() {
sudo iptables -A INPUT -i $dev -p udp -m udp --dport 53 -j ACCEPT
local tableName="Table_$dev"
sudo ip route add $subnet/$mask dev $dev table $tableName proto static
sudo iptables -t mangle -A PREROUTING -i $dev -m state --state ESTABLISHED,RELATED -j CONNMARK --restore-mark
setup_dnsmasq
}
@ -91,6 +91,7 @@ destroy_guest_network() {
sudo ip addr del dev $dev $ip/$mask
sudo iptables -D INPUT -i $dev -p udp -m udp --dport 67 -j ACCEPT
sudo iptables -D INPUT -i $dev -p udp -m udp --dport 53 -j ACCEPT
sudo iptables -t mangle -D PREROUTING -i $dev -m state --state ESTABLISHED,RELATED -j CONNMARK --restore-mark
desetup_dnsmasq
}