Fix public network routing from slaves

Since we assign public gateway address on master node, all public traffic goes through it. Unfortunately, it doesn't reach destination due to rejecting rule in FORWARD chain:

    ACCEPT              all -- 10.20.0.0/24 anywhere
    ACCEPT              all -- anywhere     anywhere
    REJECT              all -- anywhere     anywhere
    ext-filter-forward  all -- anywhere     anywhere

The commit fixes that problem by inserting (-I), not appending (-A) ext-filter-forward entry. In that case that rule will have higher priority and won't break routing.

    ACCEPT              all -- 10.20.0.0/24 anywhere
    ACCEPT              all -- anywhere     anywhere
    ext-filter-forward  all -- anywhere     anywhere
    REJECT              all -- anywhere     anywhere

Change-Id: I7887f08a175fa0ce06654dc1fc18ab412cb296f5
Closes-Bug: #1566968
parent 3b40e0c284
commit 80e86854be
@ -234,7 +234,7 @@ enable_outbound_network_for_product_vm() {
expect "$prompt"
send "/sbin/iptables -t nat -A POSTROUTING -j ext-nat-postrouting\r"
expect "$prompt"
send "/sbin/iptables -t filter -A FORWARD -j ext-filter-forward\r"
send "/sbin/iptables -t filter -I FORWARD -j ext-filter-forward\r"
expect "$prompt"
send "service iptables save &>/dev/null\r"
expect "$prompt"
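Review bot: The `-I FORWARD -j ext-filter-forward` line gives no rule number, so the jump is inserted at position 1 of FORWARD, ahead of both ACCEPT rules, not in third place as the second listing in the commit message shows. It still lands before the REJECT, which is the stated goal, but it also means whatever ext-filter-forward accepts is forwarded before any other FORWARD rule is evaluated, so the contents of that chain deserve a check that they match only the intended public traffic. If the ordering in the commit message is the one wanted, pass an explicit rule number to -I, and consider guarding the insert with `iptables -t filter -C FORWARD -j ext-filter-forward` so that re-running the function does not stack duplicate jumps before `service iptables save` persists them.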