diff --git a/server/src/com/cloud/network/NetworkManagerImpl.java b/server/src/com/cloud/network/NetworkManagerImpl.java index bf4a35d77a8..a691b1bee83 100755 --- a/server/src/com/cloud/network/NetworkManagerImpl.java +++ b/server/src/com/cloud/network/NetworkManagerImpl.java @@ -3134,13 +3134,20 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag } } - // check for ip address/port conflicts by checking existing forwarding and load balancing rules - List existingNatRules = _rulesDao.findByPublicIpPrivateIpForNatRule(ipAddr, userVM.getGuestIpAddress()); + // check for ip address/port conflicts by checking existing port/ip forwarding rules + List existingFirewallRules = _rulesDao.findRuleByPublicIp(ipAddr); - if(existingNatRules.size() > 0){ - throw new NetworkRuleConflictException("The specified rule for public ip:"+ipAddr+" vm id:"+virtualMachineId+" already exists"); + if(existingFirewallRules.size() > 0){ + throw new NetworkRuleConflictException("There already exists a firewall rule for public ip:"+ipAddr); } + //check for ip address/port conflicts by checking existing load balancing rules + List existingLoadBalancerRules = _loadBalancerDao.listByIpAddress(ipAddr); + + if(existingLoadBalancerRules.size() > 0){ + throw new NetworkRuleConflictException("There already exists a load balancer rule for public ip:"+ipAddr); + } + //if given ip address is already source nat, return error if(ipAddress.isSourceNat()){ throw new PermissionDeniedException("Cannot create a static nat rule for the ip:"+ipAddress.getAddress()+" ,this is already a source nat ip address"); diff --git a/server/src/com/cloud/network/dao/FirewallRulesDao.java b/server/src/com/cloud/network/dao/FirewallRulesDao.java index d9247c36fdf..62cb4bde12e 100644 --- a/server/src/com/cloud/network/dao/FirewallRulesDao.java +++ b/server/src/com/cloud/network/dao/FirewallRulesDao.java 
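Review bot: In NetworkManagerImpl the two new conflict checks (`_rulesDao.findRuleByPublicIp(ipAddr)` and `_loadBalancerDao.listByIpAddress(ipAddr)`) are check-then-act, and nothing in the hunk shows them sharing a lock or transaction with the static NAT insert that follows. Two concurrent requests for the same public IP could therefore both see empty lists and leave a static NAT alongside a port-forwarding or load-balancer rule. The enclosing method starts and ends outside the hunk, so this may already be handled there; if it is not, the checks and the insert should run in one transaction with the IP row locked. The first comment still says `ip address/port conflicts` although only the IP is compared, so something like `// reject static nat if any forwarding rule already uses this public ip` would match the code. `!existingFirewallRules.isEmpty()` also reads better than `size() > 0`.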
@@ -49,9 +49,9 @@ public interface FirewallRulesDao extends GenericDao { public List listByLoadBalancerId(long loadBalancerId); public List listForwardingByPubAndPrivIp(boolean forwarding, String publicIPAddress, String privateIp); public FirewallRuleVO findByGroupAndPrivateIp(long groupId, String privateIp, boolean forwarding); - public List findByPublicIpPrivateIpForNatRule(String publicIp,String privateIp); public List listByPrivateIp(String privateIp); public boolean isPublicIpOneToOneNATted(String publicIp); void deleteIPForwardingByPublicIpAndPort(String ipAddress, String port); - public List listIPForwardingForLB(long userId, long dcId); + public List listIPForwardingForLB(long userId, long dcId); + public List findRuleByPublicIp(String publicIp); } diff --git a/server/src/com/cloud/network/dao/FirewallRulesDaoImpl.java b/server/src/com/cloud/network/dao/FirewallRulesDaoImpl.java index cd83a38d661..8a2033d7cea 100644 --- a/server/src/com/cloud/network/dao/FirewallRulesDaoImpl.java +++ b/server/src/com/cloud/network/dao/FirewallRulesDaoImpl.java @@ -64,7 +64,7 @@ public class FirewallRulesDaoImpl extends GenericDaoBase i protected SearchBuilder FWByIpForLB; protected SearchBuilder FWByGroupAndPrivateIp; - protected SearchBuilder FWByPrivateIpPrivatePortPublicIpPublicPortSearch; + protected SearchBuilder FWByPublicIpSearch; protected SearchBuilder OneToOneNATSearch; 
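Review bot: The new `findRuleByPublicIp` declaration in FirewallRulesDao returns a list but is named like a single-row finder, while its neighbours use `listBy…`; a name such as `listByPublicIp` would fit the interface better. It also has no Javadoc. The implementation in FirewallRulesDaoImpl (the `FWByPublicIpSearch` builder and the method body in the later hunks) filters on `publicIpAddress` only, with no `forwarding` condition, so it presumably returns every rule type this DAO stores for that address. The contract should say so, e.g. `/** Lists every rule bound to the given public IP, regardless of the forwarding flag; an empty list means no rule uses the IP. */`. Without that note, a later narrowing of the query would silently weaken the static NAT conflict check that depends on it.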
@@ -141,12 +141,9 @@ public class FirewallRulesDaoImpl extends GenericDaoBase i FWByGroupAndPrivateIp.and("forwarding", FWByGroupAndPrivateIp.entity().isForwarding(), SearchCriteria.Op.EQ); FWByGroupAndPrivateIp.done(); - FWByPrivateIpPrivatePortPublicIpPublicPortSearch = createSearchBuilder(); - FWByPrivateIpPrivatePortPublicIpPublicPortSearch.and("publicIpAddress", FWByPrivateIpPrivatePortPublicIpPublicPortSearch.entity().getPublicIpAddress(), SearchCriteria.Op.EQ); - FWByPrivateIpPrivatePortPublicIpPublicPortSearch.and("privateIpAddress", FWByPrivateIpPrivatePortPublicIpPublicPortSearch.entity().getPrivateIpAddress(), SearchCriteria.Op.EQ); - FWByPrivateIpPrivatePortPublicIpPublicPortSearch.and("privatePort", FWByPrivateIpPrivatePortPublicIpPublicPortSearch.entity().getPrivatePort(), SearchCriteria.Op.NULL); - FWByPrivateIpPrivatePortPublicIpPublicPortSearch.and("publicPort", FWByPrivateIpPrivatePortPublicIpPublicPortSearch.entity().getPublicPort(), SearchCriteria.Op.NULL); - FWByPrivateIpPrivatePortPublicIpPublicPortSearch.done(); + FWByPublicIpSearch = createSearchBuilder(); + FWByPublicIpSearch.and("publicIpAddress", FWByPublicIpSearch.entity().getPublicIpAddress(), SearchCriteria.Op.EQ); + FWByPublicIpSearch.done(); OneToOneNATSearch = createSearchBuilder(); OneToOneNATSearch.and("publicIpAddress", OneToOneNATSearch.entity().getPublicIpAddress(), SearchCriteria.Op.EQ); @@ -363,10 +360,9 @@ public class FirewallRulesDaoImpl extends GenericDaoBase i } @Override - public List findByPublicIpPrivateIpForNatRule(String publicIp, String privateIp){ - SearchCriteria sc = FWByPrivateIpPrivatePortPublicIpPublicPortSearch.create(); + public List findRuleByPublicIp(String publicIp){ + SearchCriteria sc = FWByPublicIpSearch.create(); sc.setParameters("publicIpAddress", publicIp); - sc.setParameters("privateIpAddress", privateIp); return listBy(sc); }