<% from invirt.config import structs as cfg host_port = cfg.vnc.base_port server_port = host_port %>\ *nat :PREROUTING ACCEPT [5:300] :POSTROUTING ACCEPT [8:674] :OUTPUT ACCEPT [8:674] % for h in cfg.hosts: -A PREROUTING -s ! ${h.ip} -i eth0 -p tcp -m tcp --dport ${server_port} -j DNAT --to-destination ${h.ip}:${host_port} -A POSTROUTING -d ${h.ip} -o eth0 -p tcp -m tcp --dport ${host_port} -j SNAT --to-source ${cfg.vnc.proxy_ip} <% server_port += 1 %>\ % endfor COMMIT *filter :INPUT ACCEPT [366:44912] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [292:53151] % for h in cfg.hosts: -A FORWARD -d ${h.ip} -i eth0 -o eth0 -p tcp -m tcp --dport ${host_port} -j ACCEPT % endfor COMMIT