open port 3922 on correct eth device
Project: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/commit/946295b1
Tree: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/tree/946295b1
Diff: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/diff/946295b1
Branch: refs/heads/master
Commit: 946295b1140d4d2dc0063b4c6c7ab763e9254fbd
Parents: 915babd
Author: Anthony Xu <[email protected]>
Authored: Wed Sep 26 12:42:17 2012 -0700
Committer: Anthony Xu <[email protected]>
Committed: Wed Sep 26 17:42:42 2012 -0700
----------------------------------------------------------------------
 .../debian/config/etc/init.d/cloud-early-config | 36 ++++++---------
 .../config/etc/iptables/iptables-consoleproxy | 1 -
 .../debian/config/etc/iptables/iptables-secstorage | 2 -
 3 files changed, 14 insertions(+), 25 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/946295b1/patches/systemvm/debian/config/etc/init.d/cloud-early-config
----------------------------------------------------------------------
diff --git a/patches/systemvm/debian/config/etc/init.d/cloud-early-config b/patches/systemvm/debian/config/etc/init.d/cloud-early-config
index c579d68..d2c07b5 100755
--- a/patches/systemvm/debian/config/etc/init.d/cloud-early-config
+++ b/patches/systemvm/debian/config/etc/init.d/cloud-early-config
@@ -408,7 +408,9 @@ setup_dnsmasq() {
 setup_sshd(){
 local ip=$1
+ local eth=$2
 [ -f /etc/ssh/sshd_config ] && sed -i -e "s/^[#]*ListenAddress.*$/ListenAddress $ip/" /etc/ssh/sshd_config
+ sed -i "/3922/s/eth./$eth/" /etc/iptables/rules
 }
@@ -575,7 +577,6 @@ setup_router() {
 sed -i /gateway/d /etc/hosts
 echo "$ETH0_IP $NAME" >> /etc/hosts
- setup_sshd $ETH1_IP
 enable_svc dnsmasq 1
 enable_svc haproxy 1
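Review bot: The new `sed -i "/3922/s/eth./$eth/" /etc/iptables/rules` in setup_sshd edits every rule line that contains the string 3922 and, when the second argument is empty, strips the interface name from the rule, which iptables-restore is unlikely to accept. Every caller visible in this commit passes a device, but a one-argument caller elsewhere in the file would hit this. Anchoring on the port option and skipping the edit without a device is safer: `[ -z "$eth" ] || sed -i "/--dport 3922 /s/-i eth[0-9]*/-i $eth/" /etc/iptables/rules`. A comment above it, `# requires /etc/iptables/rules to be in place: call after the template has been copied`, would record the ordering the other hunks depend on.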
@@ -585,6 +586,7 @@ setup_router() {
 enable_fwding 1
 chkconfig nfs-common off
 cp /etc/iptables/iptables-router /etc/iptables/rules
+ setup_sshd $ETH1_IP "eth1"
 }
@@ -644,10 +646,6 @@ EOF
 sudo ip rule add from $VPCCIDR table static_route 2>/dev/null
 sudo ip rule add from $VPCCIDR table static_route_back 2>/dev/null
- sed -i /gateway/d /etc/hosts
-
- echo "$ETH0_IP $NAME" >> /etc/hosts
- setup_sshd $ETH0_IP
 setup_vpc_apache2
 enable_svc dnsmasq 1
@@ -658,6 +656,7 @@ EOF
 enable_fwding 1
 chkconfig nfs-common off
 cp /etc/iptables/iptables-vpcrouter /etc/iptables/rules
+ setup_sshd $ETH0_IP "eth0"
 cp /etc/vpcdnsmasq.conf /etc/dnsmasq.conf
 cp /etc/cloud-nic.rules /etc/udev/rules.d/cloud-nic.rules
 echo "" > /etc/dnsmasq.d/dhcphosts.txt
@@ -696,24 +695,18 @@ setup_dhcpsrvr() {
 sed -i /gateway/d /etc/hosts
 echo "$ETH0_IP $NAME" >> /etc/hosts
- if [ "$SSHONGUEST" == "true" ]
- then
- setup_sshd $ETH0_IP
- else
- setup_sshd $ETH1_IP
- fi
-
 enable_svc dnsmasq 1
 enable_svc haproxy 0
 enable_svc cloud-passwd-srvr 1
 enable_svc cloud 0
 enable_fwding 0
 chkconfig nfs-common off
+ cp /etc/iptables/iptables-router /etc/iptables/rules
 if [ "$SSHONGUEST" == "true" ]
 then
- sed '/3922/i -A INPUT -i eth0 -p tcp -m state --state NEW --dport 3922 -j ACCEPT' /etc/iptables/iptables-router > /etc/iptables/rules
+ setup_sshd $ETH0_IP "eth0"
 else
- cp /etc/iptables/iptables-router /etc/iptables/rules
+ setup_sshd $ETH1_IP "eth1"
 fi
 }
@@ -745,9 +738,9 @@ setup_secstorage() {
 cp /etc/iptables/iptables-secstorage /etc/iptables/rules
 if [ "$hyp" == "vmware" ]; then
- setup_sshd $ETH1_IP
+ setup_sshd $ETH1_IP "eth1"
 else
- setup_sshd $ETH0_IP
+ setup_sshd $ETH0_IP "eth0"
 fi
 setup_apache2 $ETH2_IP
@@ -769,9 +762,9 @@ setup_console_proxy() {
 echo "$public_ip $NAME" >> /etc/hosts
 cp /etc/iptables/iptables-consoleproxy /etc/iptables/rules
 if [ "$hyp" == "vmware" ]; then
- setup_sshd $ETH1_IP
+ setup_sshd $ETH1_IP "eth1"
 else
- setup_sshd $ETH0_IP
+ setup_sshd $ETH0_IP "eth0"
 fi
 disable_rpfilter
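Review bot: `setup_sshd $ETH1_IP "eth1"` in setup_router passes the address unquoted, so if ETH1_IP is ever empty or unset the device name shifts into `$1`: sshd would be given `ListenAddress eth1` and the 3922 rule would lose its interface. Quoting keeps both arguments in place, `setup_sshd "$ETH1_IP" "eth1"`. The same applies to the calls added in setup_vpcrouter, setup_dhcpsrvr, setup_secstorage, setup_console_proxy and setup_elbvm. The enclosing functions start and end outside these hunks, so whether the addresses are validated earlier cannot be seen from here.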
@@ -792,13 +785,12 @@ setup_elbvm() {
 [ "$ETH2_IP" == "0.0.0.0" ] || [ "$ETH2_IP" == "" ] && public_ip=$ETH0_IP
 echo "$public_ip $NAME" >> /etc/hosts
+ cp /etc/iptables/iptables-elbvm /etc/iptables/rules
 if [ "$SSHONGUEST" == "true" ]
 then
- sed '/3922/s/eth1/eth0/'
- setup_sshd $ETH0_IP
+ setup_sshd $ETH0_IP "eth0"
 else
- cp /etc/iptables/iptables-elbvm /etc/iptables/rules
- setup_sshd $ETH1_IP
+ setup_sshd $ETH1_IP "eth1"
 fi
 enable_fwding 0
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/946295b1/patches/systemvm/debian/config/etc/iptables/iptables-consoleproxy
----------------------------------------------------------------------
diff --git a/patches/systemvm/debian/config/etc/iptables/iptables-consoleproxy b/patches/systemvm/debian/config/etc/iptables/iptables-consoleproxy
index 6e23038..ae5d14d 100644
--- a/patches/systemvm/debian/config/etc/iptables/iptables-consoleproxy
+++ b/patches/systemvm/debian/config/etc/iptables/iptables-consoleproxy
@@ -30,7 +30,6 @@ COMMIT
 -A INPUT -i eth2 -m state --state RELATED,ESTABLISHED -j ACCEPT
 -A INPUT -p icmp --icmp-type 13 -j DROP
 -A INPUT -p icmp -j ACCEPT
--A INPUT -i eth0 -p tcp -m state --state NEW -m tcp --dport 3922 -j ACCEPT
 -A INPUT -i eth1 -p tcp -m state --state NEW -m tcp --dport 3922 -j ACCEPT
 -A INPUT -i eth0 -p tcp -m state --state NEW -m tcp --dport 8001 -j ACCEPT
 -A INPUT -i eth1 -p tcp -m state --state NEW -m tcp --dport 8001 -j ACCEPT
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/946295b1/patches/systemvm/debian/config/etc/iptables/iptables-secstorage
----------------------------------------------------------------------
diff --git a/patches/systemvm/debian/config/etc/iptables/iptables-secstorage b/patches/systemvm/debian/config/etc/iptables/iptables-secstorage
index 5218fa7..3139924 100755
--- a/patches/systemvm/debian/config/etc/iptables/iptables-secstorage
+++ b/patches/systemvm/debian/config/etc/iptables/iptables-secstorage
@@ -33,6 +33,4 @@ COMMIT
 -A INPUT -p icmp --icmp-type 13 -j DROP
 -A INPUT -p icmp -j ACCEPT
 -A INPUT -i eth0 -p tcp -m state --state NEW --dport 3922 -j ACCEPT
--A INPUT -i eth1 -p tcp -m state --state NEW --dport 3922 -j ACCEPT
--A INPUT -i eth3 -p tcp -m state --state NEW --dport 3922 -j ACCEPT
 COMMIT
