From: Evan Broder
Date: Thu, 14 Jan 2010 19:35:11 +0000 (-0500)
Subject: Cleanup the invirt-web iptables so that what their doing is clearer.
X-Git-Tag: 0.1.5~3
X-Git-Url: http://xvm.mit.edu/gitweb/invirt/packages/invirt-web.git/commitdiff_plain/274284b771c0af40bd1461c0d00db7730c8d53ec?ds=inline

Cleanup the invirt-web iptables so that what their doing is clearer.

svn path=/trunk/packages/invirt-web/; revision=2874
---

diff --git a/files/etc/invirt-iptables/rules.d/50-invirt-web.mako b/files/etc/invirt-iptables/rules.d/50-invirt-web.mako
index a8f218b..ad5c923 100644
--- a/files/etc/invirt-iptables/rules.d/50-invirt-web.mako
+++ b/files/etc/invirt-iptables/rules.d/50-invirt-web.mako
@@ -1,8 +1,8 @@
 <%
 from invirt.config import structs as cfg
-h_port = cfg.vnc.base_port
-port = cfg.vnc.base_port
+host_port = cfg.vnc.base_port
+server_port = host_port
 %>\
 *nat
@@ -10,9 +10,9 @@ port = cfg.vnc.base_port
 :POSTROUTING ACCEPT [8:674]
 :OUTPUT ACCEPT [8:674]
 % for h in cfg.hosts:
--A PREROUTING -s ! ${h.ip} -i eth0 -p tcp -m tcp --dport ${port} -j DNAT --to-destination ${h.ip}:${h_port}
--A POSTROUTING -d ${h.ip} -o eth0 -p tcp -m tcp --dport ${h_port} -j SNAT --to-source ${cfg.vnc.proxy_ip}
-<% port += 1 %>
+-A PREROUTING -s ! ${h.ip} -i eth0 -p tcp -m tcp --dport ${server_port} -j DNAT --to-destination ${h.ip}:${host_port}
+-A POSTROUTING -d ${h.ip} -o eth0 -p tcp -m tcp --dport ${host_port} -j SNAT --to-source ${cfg.vnc.proxy_ip}
+<% server_port += 1 %>\
 % endfor
 COMMIT
@@ -21,6 +21,6 @@ COMMIT
 :FORWARD ACCEPT [0:0]
 :OUTPUT ACCEPT [292:53151]
 % for h in cfg.hosts:
--A FORWARD -d ${h.ip} -i eth0 -o eth0 -p tcp -m tcp --dport ${h_port} -j ACCEPT
+-A FORWARD -d ${h.ip} -i eth0 -o eth0 -p tcp -m tcp --dport ${host_port} -j ACCEPT
 % endfor
 COMMIT
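Review bot: The rewritten PREROUTING line in the second hunk keeps the intrapositioned negation `-s ! ${h.ip}`, which newer iptables releases warn is deprecated in favour of the extrapositioned form; the one-token change is `-A PREROUTING ! -s ${h.ip} -i eth0 -p tcp -m tcp --dport ${server_port} -j DNAT --to-destination ${h.ip}:${host_port}`. The rename makes the two ports easier to tell apart, but nothing in the template says that `server_port` counts up from `cfg.vnc.base_port` once per host while `host_port` stays at that base, which is the whole point of the loop; a Mako comment before `% for h in cfg.hosts:` such as `## One proxy port per host: server_port (base_port, base_port+1, ...) on proxy_ip is DNATed to that host's fixed VNC port host_port` would record it. The trailing `\` added to `<% server_port += 1 %>\` removes the blank line the old loop emitted once per host into the iptables-restore input; that is worth a word in the same comment, since a stray backslash is easy to drop in a later edit.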
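Review bot: The per-host `-A FORWARD ... -j ACCEPT` line in the third hunk sits under a chain whose policy, visible in the same hunk, is `:FORWARD ACCEPT [0:0]`, so unless a later rule outside this hunk drops forwarded traffic the explicit accept changes nothing. If the intent is an allow-list of which hosts' VNC port may be reached through the proxy, that only holds together with a drop policy or a closing drop rule, neither of which this file shows; a comment on the line naming what it is meant to override, e.g. `## Let the DNATed VNC connection through to the host (needed because <RULE-FILE-PLACEHOLDER> drops forwarded traffic)`, would let the next reader tell a no-op from a deliberate allow-list. The rule also matches any source once the destination is `${h.ip}:${host_port}`; presumably only connections rewritten by the PREROUTING DNAT above reach it, but that depends on how the proxy routes, which is not visible here.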