Fix public network routing from slaves

Since we assign the public gateway address on the master node, all public
traffic goes through it. Unfortunately, it doesn't reach its destination due
to a rejecting rule in the FORWARD chain:

    ACCEPT              all  --  10.20.0.0/24         anywhere
    ACCEPT              all  --  anywhere             anywhere
    REJECT              all  --  anywhere             anywhere
    ext-filter-forward  all  --  anywhere             anywhere

The commit fixes that problem by inserting (-I), not appending (-A), the
ext-filter-forward entry. In that case that rule will have higher
priority and won't break routing.

    ACCEPT              all  --  10.20.0.0/24         anywhere
    ACCEPT              all  --  anywhere             anywhere
    ext-filter-forward  all  --  anywhere             anywhere
    REJECT              all  --  anywhere             anywhere

Change-Id: I7887f08a175fa0ce06654dc1fc18ab412cb296f5
Closes-Bug: #1566968
Igor Kalnitsky 2016-04-05 18:43:02 +03:00 committed by Maksim Malchuk
parent 3b40e0c284
commit 80e86854be
1 changed files with 1 additions and 1 deletions

@ -234,7 +234,7 @@ enable_outbound_network_for_product_vm() {
expect "$prompt"
send "/sbin/iptables -t nat -A POSTROUTING -j ext-nat-postrouting\r"
expect "$prompt"
send "/sbin/iptables -t filter -A FORWARD -j ext-filter-forward\r"
send "/sbin/iptables -t filter -I FORWARD -j ext-filter-forward\r"
expect "$prompt"
send "service iptables save &>/dev/null\r"
expect "$prompt"
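
Review bot: the added `-I FORWARD -j ext-filter-forward` line gives no rule number, so iptables inserts the jump at position 1, ahead of both ACCEPT rules, rather than between the ACCEPT rules and the REJECT as the second listing in the commit message shows. Routing is still fixed because the jump lands before the REJECT, but every forwarded packet now traverses ext-filter-forward first, so anything in that chain takes precedence over the existing ACCEPT rules; if the order in the commit message is the intended one, pass an explicit rule number, otherwise correct the listing. The insert is also unconditional, so each rerun of enable_outbound_network_for_product_vm adds another copy of the jump and `service iptables save` persists it; guarding the insert with an `iptables -C` check on the same rule would make the step idempotent.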