fix iptables syntax so vnc works again

diff --git a/debian/changelog b/debian/changelog
index 3bcec0d..5ce1f40 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+invirt-web (0.1.32~glasgall2) precise; urgency=low
+
+  * Fix iptables syntax in 50-invirt-web.mako so VNC works.
+
+ -- Adam Glasgall <glasgall@mit.edu>  Thu, 06 Jun 2013 23:23:42 -0400
+
 invirt-web (0.1.32~glasgall1achernya1) precise; urgency=low
 
   * Switch to dh7

diff --git a/files/etc/invirt-iptables/rules.d/50-invirt-web.mako b/files/etc/invirt-iptables/rules.d/50-invirt-web.mako
index ad5c923..7082c13 100644 (file)
--- a/files/etc/invirt-iptables/rules.d/50-invirt-web.mako
+++ b/files/etc/invirt-iptables/rules.d/50-invirt-web.mako
@@ -10,7 +10,7 @@ server_port = host_port
 :POSTROUTING ACCEPT [8:674]
 :OUTPUT ACCEPT [8:674]
 % for h in cfg.hosts:
--A PREROUTING -s ! ${h.ip} -i eth0 -p tcp -m tcp --dport ${server_port} -j DNAT --to-destination ${h.ip}:${host_port}
+-A PREROUTING ! -s ${h.ip} -i eth0 -p tcp -m tcp --dport ${server_port} -j DNAT --to-destination ${h.ip}:${host_port}
 -A POSTROUTING -d ${h.ip} -o eth0 -p tcp -m tcp --dport ${host_port} -j SNAT --to-source ${cfg.vnc.proxy_ip}
 <% server_port += 1 %>\
 % endfor