Updated Branches:
refs/heads/master 33fdcf104 -> 4a0e645e2
CS-16254:
passwd_server listen on every interface, but only guest interface is
enabled for that port
Project: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/repo
Commit:
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/commit/4a0e645e
Tree: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/tree/4a0e645e
Diff: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/diff/4a0e645e
Branch: refs/heads/master
Commit: 4a0e645e28d3a0c1fb563ce9c0070225cd9be4c9
Parents: 33fdcf1
Author: Anthony Xu <[email protected]>
Authored: Fri Sep 7 17:10:54 2012 -0700
Committer: Anthony Xu <[email protected]>
Committed: Fri Sep 7 17:10:54 2012 -0700
----------------------------------------------------------------------
.../debian/config/opt/cloud/bin/passwd_server | 3 +--
.../debian/config/opt/cloud/bin/vpc_guestnw.sh | 6 ++++++
2 files changed, 7 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/4a0e645e/patches/systemvm/debian/config/opt/cloud/bin/passwd_server
----------------------------------------------------------------------
diff --git a/patches/systemvm/debian/config/opt/cloud/bin/passwd_server
b/patches/systemvm/debian/config/opt/cloud/bin/passwd_server
index 596715e..7e93b67 100755
--- a/patches/systemvm/debian/config/opt/cloud/bin/passwd_server
+++ b/patches/systemvm/debian/config/opt/cloud/bin/passwd_server
@@ -1,11 +1,10 @@
#!/bin/bash
. /etc/default/cloud-passwd-srvr
-guestIp=$(ifconfig eth0 | grep 'inet addr:' | cut -d: -f2 | awk '{ print $1}')
while [ "$ENABLED" == "1" ]
do
- socat -lf /var/log/cloud.log
TCP4-LISTEN:8080,reuseaddr,crnl,bind=$guestIp
SYSTEM:"/opt/cloud/bin/serve_password.sh \"\$SOCAT_PEERADDR\""
+ socat -lf /var/log/cloud.log
TCP4-LISTEN:8080,reuseaddr,crnl,bind=0.0.0.0
SYSTEM:"/opt/cloud/bin/serve_password.sh \"\$SOCAT_PEERADDR\""
rc=$?
if [ $rc -ne 0 ]
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/4a0e645e/patches/systemvm/debian/config/opt/cloud/bin/vpc_guestnw.sh
----------------------------------------------------------------------
diff --git a/patches/systemvm/debian/config/opt/cloud/bin/vpc_guestnw.sh
b/patches/systemvm/debian/config/opt/cloud/bin/vpc_guestnw.sh
index cb98fd4..ee9960c 100755
--- a/patches/systemvm/debian/config/opt/cloud/bin/vpc_guestnw.sh
+++ b/patches/systemvm/debian/config/opt/cloud/bin/vpc_guestnw.sh
@@ -124,6 +124,10 @@ create_guest_network() {
sudo iptables -D INPUT -i $dev -p udp -m udp --dport 53 -j ACCEPT
sudo iptables -A INPUT -i $dev -p udp -m udp --dport 67 -j ACCEPT
sudo iptables -A INPUT -i $dev -p udp -m udp --dport 53 -j ACCEPT
+ sudo iptables -D INPUT -i $dev -p tcp -m state --state NEW --dport 8080 -j
ACCEPT
+ sudo iptables -D INPUT -i $dev -p tcp -m state --state NEW --dport 80 -j
ACCEPT
+ sudo iptables -A INPUT -i $dev -p tcp -m state --state NEW --dport 8080 -j
ACCEPT
+ sudo iptables -A INPUT -i $dev -p tcp -m state --state NEW --dport 80 -j
ACCEPT
# restore mark from connection mark
local tableName="Table_$dev"
sudo ip route add $subnet/$mask dev $dev table $tableName proto static
@@ -141,6 +145,8 @@ destroy_guest_network() {
sudo ip addr del dev $dev $ip/$mask
sudo iptables -D INPUT -i $dev -p udp -m udp --dport 67 -j ACCEPT
sudo iptables -D INPUT -i $dev -p udp -m udp --dport 53 -j ACCEPT
+ sudo iptables -D INPUT -i $dev -p tcp -m state --state NEW --dport 8080 -j
ACCEPT
+ sudo iptables -D INPUT -i $dev -p tcp -m state --state NEW --dport 80 -j
ACCEPT
sudo iptables -t mangle -D PREROUTING -i $dev -m state --state
ESTABLISHED,RELATED -j CONNMARK --restore-mark
sudo iptables -t nat -A POSTROUTING -s $subnet/$mask -o $dev -j SNAT
--to-source $ip
destroy_acl_chain
