Add the public ip to iptables rules

Adding the ip to the filter to make the DNAT request rightly.

Change-Id: I5e229444bd873cad59f5d038b82294c1f6acd853
This commit is contained in:
Weezer Su 2017-04-26 08:59:45 -05:00 committed by weezer su
parent 5af3089f6a
commit eb5349bc78

View File

@ -19,12 +19,13 @@ if [[ "${DEPLOY_OSA}" = true ]]; then
fi
if [[ "${CONFIG_PREROUTING}" = true ]]; then
EXTERNAL_IP="$(ip route get 1 | awk '{print $NF;exit}')"
# Add 2222 rules to iptables for ssh directly into deployment node.
iptables_filter_rule_add nat 'PREROUTING -p tcp --dport 2222 -j DNAT --to 10.0.0.150:22'
iptables_filter_rule_add nat "PREROUTING -p tcp -d ${EXTERNAL_IP} --dport 2222 -j DNAT --to 10.0.0.150:22"
scp -o StrictHostKeyChecking=no deploy1:/opt/openstack-ansible/playbooks/vars/configs/haproxy_config.yml .
PORTS="$(get_osad_ports) $OSA_PORTS"
for port in $PORTS ; do
iptables_filter_rule_add nat "PREROUTING -p tcp --dport ${port} -j DNAT --to 10.0.0.150:${port}"
iptables_filter_rule_add nat "PREROUTING -p tcp -d ${EXTERNAL_IP} --dport ${port} -j DNAT --to 10.0.0.150:${port}"
done
fi
fi