[cloudstack] branch master updated: CLOUDSTACK-9967: Fixed static nat iptables rules order issue on additional public subnet ip (#2154)

Mon, 21 Aug 2017 10:05:00 -0700 

This is an automated email from the ASF dual-hosted git repository.

bhaisaab pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cloudstack.git


The following commit(s) were added to refs/heads/master by this push:
     new 40d7746  CLOUDSTACK-9967: Fixed static nat iptables rules order issue 
on additional public subnet ip (#2154)
40d7746 is described below

commit 40d77460386342126fb5533a9139bf6d08137d1d
Author: Jayapal <[email protected]>
AuthorDate: Mon Aug 21 22:34:40 2017 +0530

    CLOUDSTACK-9967: Fixed static nat iptables rules order issue on additional 
public subnet ip (#2154)
---
 systemvm/patches/debian/config/opt/cloud/bin/configure.py | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/systemvm/patches/debian/config/opt/cloud/bin/configure.py 
b/systemvm/patches/debian/config/opt/cloud/bin/configure.py
index a39e10b..252bd2c 100755
--- a/systemvm/patches/debian/config/opt/cloud/bin/configure.py
+++ b/systemvm/patches/debian/config/opt/cloud/bin/configure.py
@@ -928,12 +928,13 @@ class CsForwardingRules(CsDataBag):
         device = self.getDeviceByIp(rule["public_ip"])
         if device is None:
             raise Exception("Ip address %s has no device in the ips databag" % 
rule["public_ip"])
+
         self.fw.append(["mangle", "",
-                        "-A PREROUTING -s %s/32 -m state --state NEW -j MARK 
--set-xmark 0x%s/0xffffffff" % \
-                        (rule["internal_ip"], device[len("eth"):])])
-        self.fw.append(["mangle", "",
-                        "-A PREROUTING -s %s/32 -m state --state NEW -j 
CONNMARK --save-mark --nfmask 0xffffffff --ctmask 0xffffffff" % \
+                        "-I PREROUTING -s %s/32 -m state --state NEW -j 
CONNMARK --save-mark --nfmask 0xffffffff --ctmask 0xffffffff" % \
                         rule["internal_ip"]])
+        self.fw.append(["mangle", "",
+                        "-I PREROUTING -s %s/32 -m state --state NEW -j MARK 
--set-xmark 0x%s/0xffffffff" % \
+                        (rule["internal_ip"], device[len("eth"):])])
         self.fw.append(["nat", "front",
                         "-A PREROUTING -d %s/32 -j DNAT --to-destination %s" % 
(rule["public_ip"], rule["internal_ip"])])
         self.fw.append(["nat", "front",

-- 
To stop receiving notification emails like this one, please contact
['"[email protected]" <[email protected]>'].

Reply via email to