X-Git-Url: http://xvm.mit.edu/gitweb/invirt/packages/invirt-web.git/blobdiff_plain/dbc720a8ee1dfdbc48fa3e17e8ef8af4aed7efe4..a3da7445fa7d11b899fed44478c3c6ed85a85539:/files/etc/invirt-iptables/rules.d/50-invirt-web.mako
diff --git a/files/etc/invirt-iptables/rules.d/50-invirt-web.mako b/files/etc/invirt-iptables/rules.d/50-invirt-web.mako
index a8f218b..ad5c923 100644
--- a/files/etc/invirt-iptables/rules.d/50-invirt-web.mako
+++ b/files/etc/invirt-iptables/rules.d/50-invirt-web.mako
@@ -1,8 +1,8 @@
 <%
 from invirt.config import structs as cfg
-h_port = cfg.vnc.base_port
-port = cfg.vnc.base_port
+host_port = cfg.vnc.base_port
+server_port = host_port
 %>\
 *nat
@@ -10,9 +10,9 @@ port = cfg.vnc.base_port
 :POSTROUTING ACCEPT [8:674]
 :OUTPUT ACCEPT [8:674]
 % for h in cfg.hosts:
--A PREROUTING -s ! ${h.ip} -i eth0 -p tcp -m tcp --dport ${port} -j DNAT --to-destination ${h.ip}:${h_port}
--A POSTROUTING -d ${h.ip} -o eth0 -p tcp -m tcp --dport ${h_port} -j SNAT --to-source ${cfg.vnc.proxy_ip}
-<% port += 1 %>
+-A PREROUTING -s ! ${h.ip} -i eth0 -p tcp -m tcp --dport ${server_port} -j DNAT --to-destination ${h.ip}:${host_port}
+-A POSTROUTING -d ${h.ip} -o eth0 -p tcp -m tcp --dport ${host_port} -j SNAT --to-source ${cfg.vnc.proxy_ip}
+<% server_port += 1 %>\
 % endfor
 COMMIT
@@ -21,6 +21,6 @@ COMMIT
 :FORWARD ACCEPT [0:0]
 :OUTPUT ACCEPT [292:53151]
 % for h in cfg.hosts:
--A FORWARD -d ${h.ip} -i eth0 -o eth0 -p tcp -m tcp --dport ${h_port} -j ACCEPT
+-A FORWARD -d ${h.ip} -i eth0 -o eth0 -p tcp -m tcp --dport ${host_port} -j ACCEPT
 % endfor
 COMMIT
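Review bot: In the nat-table loop (`@@ -10,9 +10,9 @@`), the external port for each host is still derived purely from its position in `cfg.hosts` (`server_port += 1` per iteration), so adding, removing or reordering a host silently shifts every later port onto a different host's VNC listener. The new names make the two roles clearer, but nothing in the template records that whatever hands a port to a client has to compute it from the same ordering; that consumer is not visible in this diff, so treat this as an assumption to confirm. I would add a Mako comment above the loop such as `## server_port = base_port + index of h in cfg.hosts; must match the port the VNC client is given`, or derive the port from a stable per-host attribute if the config has one. Note also that `-s ! ${h.ip}` excludes only the host's own address, so unless another rules.d fragment filters it, access to the forwarded port rests on whatever authentication the VNC listener itself enforces.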