From 274284b771c0af40bd1461c0d00db7730c8d53ec Mon Sep 17 00:00:00 2001
From: Evan Broder
Date: Thu, 14 Jan 2010 14:35:11 -0500
Subject: [PATCH] Cleanup the invirt-web iptables so that what their doing is clearer.

svn path=/trunk/packages/invirt-web/; revision=2874
---
 .../etc/invirt-iptables/rules.d/50-invirt-web.mako | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/files/etc/invirt-iptables/rules.d/50-invirt-web.mako b/files/etc/invirt-iptables/rules.d/50-invirt-web.mako
index a8f218b..ad5c923 100644
--- a/files/etc/invirt-iptables/rules.d/50-invirt-web.mako
+++ b/files/etc/invirt-iptables/rules.d/50-invirt-web.mako
@@ -1,8 +1,8 @@
 <%
 from invirt.config import structs as cfg
 
-h_port = cfg.vnc.base_port
-port = cfg.vnc.base_port
+host_port = cfg.vnc.base_port
+server_port = host_port
 %>\
 
 *nat
@@ -10,9 +10,9 @@ port = cfg.vnc.base_port
 :POSTROUTING ACCEPT [8:674]
 :OUTPUT ACCEPT [8:674]
 % for h in cfg.hosts:
--A PREROUTING -s ! ${h.ip} -i eth0 -p tcp -m tcp --dport ${port} -j DNAT --to-destination ${h.ip}:${h_port}
--A POSTROUTING -d ${h.ip} -o eth0 -p tcp -m tcp --dport ${h_port} -j SNAT --to-source ${cfg.vnc.proxy_ip}
-<% port += 1 %>
+-A PREROUTING -s ! ${h.ip} -i eth0 -p tcp -m tcp --dport ${server_port} -j DNAT --to-destination ${h.ip}:${host_port}
+-A POSTROUTING -d ${h.ip} -o eth0 -p tcp -m tcp --dport ${host_port} -j SNAT --to-source ${cfg.vnc.proxy_ip}
+<% server_port += 1 %>\
 % endfor
 COMMIT
 
@@ -21,6 +21,6 @@ COMMIT
 :FORWARD ACCEPT [0:0]
 :OUTPUT ACCEPT [292:53151]
 % for h in cfg.hosts:
--A FORWARD -d ${h.ip} -i eth0 -o eth0 -p tcp -m tcp --dport ${host_port} -j ACCEPT
+-A FORWARD -d ${h.ip} -i eth0 -o eth0 -p tcp -m tcp --dport ${host_port} -j ACCEPT
 % endfor
 COMMIT
-- 
1.7.9.5
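Review bot: The nat loop in the second hunk assigns each host's external port purely by its position in `cfg.hosts` (`server_port` starts at `cfg.vnc.base_port` and is incremented once per host), and the template still has no comment saying so. Reordering or removing a host in the config would therefore shift which host each external port is DNATed to, which is worth spelling out for a rule that exposes VNC proxy ports. A Mako comment above the loop would cover it, for example `## external port base_port+i is DNATed to the i-th entry of cfg.hosts; every host listens on base_port`. Separately, the retained `-s ! ${h.ip}` form is the older negation syntax; newer iptables releases prefer `! -s ${h.ip}`, so it may be worth checking against the deployed version.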