FORWARD rules for public network

CentOS7 comes with a pre-defined REJECT rule in the FORWARD chain
that doesn't allow access to external networks from the public
network.

When deploying ISO with virtualbox scripts, slave nodes are trying
to connect to external networks via the public net, with the default
gateway on the master node. However, they can't establish a connection
because there is no explicit rule in the FORWARD chain to allow it,
so they are rejected.

This commit adds rules to allow connection to ext networks in
that use case.

Compatible with CentOS6 & CentOS7 master node.

Blueprint: master-on-centos7

Change-Id: I5b61ae6e7562ea5b446809027c487acc11119889
Dmitry Teselkin 3 years ago
parent
commit
c5cbe939d6
1 changed files with 4 additions and 0 deletions
functions/product.sh (+4, -0)

@@ -209,6 +209,10 @@ enable_outbound_network_for_product_vm() {
209 209
         expect "$prompt"
210 210
         send "/sbin/iptables -t nat -A POSTROUTING -s $master_pub_net/24 \! -d $master_pub_net/24 -j MASQUERADE\r"
211 211
         expect "$prompt"
212
+        send "/sbin/iptables -I FORWARD 1 --dst $master_pub_net/24 -j ACCEPT\r"
213
+        expect "$prompt"
214
+        send "/sbin/iptables -I FORWARD 1 --src $master_pub_net/24 -j ACCEPT\r"
215
+        expect "$prompt"
212 216
         send "service iptables save >/dev/null 2>&1\r"
213 217
         expect "$prompt"
214 218
         send "dockerctl restart cobbler >/dev/null 2>&1\r"
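
Review bot: The new `--dst $master_pub_net/24 -j ACCEPT` rule at new line 212 accepts every forwarded packet addressed to the public network, whatever its source or connection state, so it allows new inbound connections to the slave nodes and not only replies to the outbound traffic the commit message describes. Consider limiting that direction to return traffic, for example `-I FORWARD 1 --dst $master_pub_net/24 -m state --state RELATED,ESTABLISHED -j ACCEPT`, and keeping the unrestricted ACCEPT only on the `--src` rule. Both rules also match on address alone, with no `-i`/`-o` interface, so they apply to traffic on any interface of the master node; binding them to the public interface would keep the exception as narrow as the use case. Finally, `-I FORWARD 1` is unconditional and is followed by `service iptables save`, so every re-run of enable_outbound_network_for_product_vm() stacks another pair of rules at the top of the chain and persists them; a guard against re-insertion would avoid that.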
