[ https://issues.apache.org/jira/browse/VCL-1031?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16023801#comment-16023801 ]

ASF subversion and git services commented on VCL-1031:
------------------------------------------------------
Commit 1796111 from [email protected] in branch 'vcl/trunk'
[ https://svn.apache.org/r1796111 ]

VCL-1031

Updated Module.pm::create_nathost_os_object to check to make sure various
things were correct before returning true, including:
* public IP and internal IP defined
* firewall object is defined
* firewall object implements nat_configure_reservation and nat_configure_host

Added code to set NAT host public and internal IP addresses in NAT host OS's
DataStructure object. These were available to the OS object of the computer
being loaded but not the NAT host OS or its firewall object.

Moved calls to nat_configure_host and nat_configure_reservation from
OS.pm::process_connect_methods to OS.pm::reserve. process_connect_methods is
called after the user clicks Connect. These NAT steps added time between
clicking Connect and actually being able to connect. These steps can be safely
done earlier in reserve.

Renamed Linux.pm::set_default_gateway and Windows.pm::set_public_default_route
to set_static_default_gateway so they match.

Updated Linux.pm::set_default_gateway to add DEFROUT=no to ifcfg files in order
to completely override a different DHCP-assigned route.

Added call to set_static_default_gateway in OS.pm::update_public_ip_address if
computer is assigned to a NAT host, DHCP is used, and the computer's current
gateway isn't the NAT host's internal IP address. This forces the computer to
use the NAT host's address as its gateway.

Added OS.pm::get_correct_default_gateway to reduce duplicate code. It checks if
NAT is used, or public IP is static/DHCP assigned.

Added OS.pm::set_config_file_parameter to make it easier to add or modify
settings in various types of config files.

Added code to Linux.pm::pre_capture to delete any route files that may have
been added by set_static_default_gateway. Also added lines to clean out
HOSTNAME and GATEWAY lines from network file if they exist.

Improved Linux.pm::enable_ip_forwarding to configure /etc/sysctl.conf rather
than simply calling 'echo 1 > /proc/sys/net/ipv4/ip_forward'. This wasn't
persisting across reboots which is problematic for NAT hosts.

Updated firewalld.pm::delete_chain to accept a chain name pattern argument.

Updated iptables.pm NAT host configuration to use dedicated chains.

> Update iptables.pm to be used for all iptables configuration
> ------------------------------------------------------------
>
> Key: VCL-1031
> URL: https://issues.apache.org/jira/browse/VCL-1031
> Project: VCL
> Issue Type: Improvement
> Components: vcld (backend)
> Reporter: Andy Kurth
> Assignee: Andy Kurth
> Fix For: 2.5
>
>
> The iptables.pm module was created when the NAT functionality was added. Up
> to this point, it is only being used to configure the firewall on the NAT
> host. The Linux OS modules are still used to configure iptables. With the
> addition of firewalld (VCL-972) and ufw (VCL-971), all of the Linux firewall
> code should be pulled out of the main OS module and into the dedicated file.
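
The commit message above describes persisting IP forwarding in /etc/sysctl.conf instead of only writing to /proc. The following is an added example of that idea, not VCL's code: the helper names set_sysctl_param and get_sysctl_param are hypothetical, and the sample file is constructed.

```shell
#!/bin/sh
# Added example, not VCL code. Helper names are hypothetical.

# set_sysctl_param FILE KEY VALUE
# Leaves exactly one active "KEY = VALUE" line in a sysctl.conf-style file.
# Commented-out lines and other keys are left untouched.
set_sysctl_param() {
    file=$1; key=$2; value=$3
    tmp=$(mktemp) || return 1
    # Escape dots so the key is matched literally, not as a regex wildcard.
    key_re=$(printf '%s' "$key" | sed 's/[.]/\\./g')
    if [ -f "$file" ]; then
        # Drop every active line that sets KEY; grep exits 1 if nothing is left.
        grep -Ev "^[[:space:]]*${key_re}[[:space:]]*=" "$file" > "$tmp" \
            || [ $? -eq 1 ] || { rm -f "$tmp"; return 1; }
    fi
    printf '%s = %s\n' "$key" "$value" >> "$tmp"
    # Write through the existing file so its owner and mode are preserved.
    cat "$tmp" > "$file"; rc=$?
    rm -f "$tmp"
    return "$rc"
}

# get_sysctl_param FILE KEY: print the value of the last active KEY line.
get_sysctl_param() {
    key_re=$(printf '%s' "$2" | sed 's/[.]/\\./g')
    sed -n -E "s/^[[:space:]]*${key_re}[[:space:]]*=[[:space:]]*(.*)$/\1/p" "$1" | tail -n 1
}

# Demo on a constructed sample file (not a real /etc/sysctl.conf).
demo() {
    conf=$(mktemp) || return 1
    printf '%s\n' \
        '# constructed sample' \
        'net.ipv4.ip_forward = 0' \
        '#net.ipv4.ip_forward = 1' \
        'net.ipv4.conf.default.rp_filter = 1' \
        'net.ipv4.ip_forward=0' > "$conf"
    set_sysctl_param "$conf" net.ipv4.ip_forward 1
    cat "$conf"
    rm -f "$conf"
}
demo
```

Writing the file only persists the setting; the running kernel picks it up at the next boot or when the file is loaded with `sysctl -p`.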