From b8222508acb567d08448b7ada1f268b552dc3648 Mon Sep 17 00:00:00 2001 From: Naredula Janardhana Reddy Date: Mon, 13 Feb 2012 15:08:24 +0530 Subject: [PATCH] Bug 12808: Summary of Changes: Using multiple routing tables to send the packets on the public NIC's based on source IP for the following type of connections: - Inbound connections of Static NAT ip . - Outbound connections of static-NAT (using static NAT-ip for SNAT). Reviewed-by: Abhi --- patches/systemvm/debian/config/root/firewall.sh | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/patches/systemvm/debian/config/root/firewall.sh b/patches/systemvm/debian/config/root/firewall.sh index 0a33dcbd371..eb728592fcd 100755 --- a/patches/systemvm/debian/config/root/firewall.sh +++ b/patches/systemvm/debian/config/root/firewall.sh @@ -185,15 +185,24 @@ static_nat() { local dev=$(ip_to_dev $publicIp) [ $? -ne 0 ] && echo "Could not find device associated with $publicIp" && return 1 + local tableNo=$(echo $dev | awk -F'eth' '{print $2}') # shortcircuit the process if error and it is an append operation # continue if it is delete + (sudo iptables -t mangle $op PREROUTING -i $dev -d $publicIp \ + -j MARK -m state --state NEW --set-mark $tableNo) && + (sudo iptables -t mangle $op PREROUTING -i $dev -d $publicIp \ + -m state --state NEW -j CONNMARK --save-mark) && + (sudo iptables -t mangle $op PREROUTING -s $instIp -i eth0 \ + -j MARK -m state --state NEW --set-mark $tableNo) && + (sudo iptables -t mangle $op PREROUTING -s $instIp -i eth0 \ + -m state --state NEW -j CONNMARK --save-mark) && (sudo iptables -t nat $op PREROUTING -i $dev -d $publicIp -j DNAT \ --to-destination $instIp &>> $OUTFILE || [ "$op" == "-D" ]) && (sudo iptables $op FORWARD -i $dev -o eth0 -d $instIp -m state \ --state NEW -j ACCEPT &>> $OUTFILE || [ "$op" == "-D" ]) && (sudo iptables -t nat $op2 POSTROUTING $rulenum -s $instIp -j SNAT \ - --to-source $publicIp &>> $OUTFILE || [ "$op" == "-D" ]) + -o $dev --to-source $publicIp &>> $OUTFILE || [ "$op" == "-D" ]) result=$? logger -t cloud "$(basename $0): done static nat entry public ip=$publicIp op=$op result=$result"