From 8b909668fb5adc6c5c92cb9f00e9931555668123 Mon Sep 17 00:00:00 2001 From: Murali Reddy Date: Fri, 3 May 2013 16:06:43 +0530 Subject: [PATCH] CLOUDSTACK-2320: On NetScaler RNAT rules are not getting created, blocking public access to the VM's in basic zone using EIP. Its required that both RNAT and INAT rules are required on the NetScaler to provide public connectivity to user VM's in both in-bound and out-bound directions. Currenely only INAT rule is added which permits inbound public traffic to VM. This fix adds RNAT rule aswell, which ensures the outbound public access from the user VM's --- .../network/resource/NetscalerResource.java | 44 +++++++++++++++++++ 1 file changed, 44 insertions(+) diff --git a/plugins/network-elements/netscaler/src/com/cloud/network/resource/NetscalerResource.java b/plugins/network-elements/netscaler/src/com/cloud/network/resource/NetscalerResource.java index 677bc785b2c..563cbd47389 100644 --- a/plugins/network-elements/netscaler/src/com/cloud/network/resource/NetscalerResource.java +++ b/plugins/network-elements/netscaler/src/com/cloud/network/resource/NetscalerResource.java @@ -1618,7 +1618,9 @@ public class NetscalerResource implements ServerResource { String srcIp = rule.getSrcIp(); String dstIP = rule.getDstIp(); String iNatRuleName = generateInatRuleName(srcIp, dstIP); + String rNatRuleName = generateRnatRuleName(srcIp, dstIP); inat iNatRule = null; + rnat rnatRule = null; if (!rule.revoked()) { try { @@ -1645,9 +1647,47 @@ public class NetscalerResource implements ServerResource { } s_logger.debug("Created Inat rule on the Netscaler device " + _ip + " to enable static NAT from " + srcIp + " to " + dstIP); } + try { + rnat[] rnatRules = rnat.get(_netscalerService); + if (rnatRules != null) { + for (rnat rantrule : rnatRules) { + if (rantrule.get_network().equalsIgnoreCase(rNatRuleName)) { + rnatRule = rantrule; + break; + } + } + } + } catch (nitro_exception e) { + throw e; + } + + if (rnatRule == null) { + rnatRule = new rnat(); + rnatRule.set_natip(srcIp); + rnatRule.set_network(dstIP); + rnatRule.set_netmask("255.255.255.255"); + try { + apiCallResult = rnat.update(_netscalerService, rnatRule); + } catch (nitro_exception e) { + if (e.getErrorCode() != NitroError.NS_RESOURCE_EXISTS) { + throw e; + } + } + s_logger.debug("Created Rnat rule on the Netscaler device " + _ip + " to enable revese static NAT from " + dstIP + " to " + srcIp); + } } else { try { inat.delete(_netscalerService, iNatRuleName); + rnat[] rnatRules = rnat.get(_netscalerService); + if (rnatRules != null) { + for (rnat rantrule : rnatRules) { + if (rantrule.get_network().equalsIgnoreCase(dstIP)) { + rnatRule = rantrule; + rnat.clear(_netscalerService, rnatRule); + break; + } + } + } } catch (nitro_exception e) { if (e.getErrorCode() != NitroError.NS_RESOURCE_NOT_EXISTS) { throw e; @@ -3090,6 +3130,10 @@ public class NetscalerResource implements ServerResource { return genObjectName("Cloud-Inat", srcIp); } + private String generateRnatRuleName(String srcIp, String dstIP) { + return genObjectName("Cloud-Rnat", srcIp); + } + private String generateNSVirtualServerName(String srcIp, long srcPort) { return genObjectName("Cloud-VirtualServer", srcIp, srcPort); }