Fixes for local mgmt network
diff --git a/files/etc/libvirt/hooks/daemon b/files/etc/libvirt/hooks/daemon
index 61a4faf..8d9102b 100644
--- a/files/etc/libvirt/hooks/daemon
+++ b/files/etc/libvirt/hooks/daemon
@@ -2,7 +2,7 @@
SHELL="/bin/bash"
-NIC=$( route|grep default|awk '{print$8}' )
+NIC=$( route|grep default|awk '{print $NF}' )
NAME="${1}"
OP="${2}"
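Review bot: `$NF` picks the right column, but NIC is still empty when there is no default route and multi-line when there are several, and it is later expanded unquoted into `iptables -i $NIC` in the DNAT rules, so the rule is either malformed or silently bound to the wrong interface. Taking only the first match and failing early keeps the hook from adding half-built rules: `NIC=$( route|grep default|awk '{print $NF; exit}' )` followed by `[ -n "$NIC" ] || { echo "no default route" >&2; exit 1; }`. Also, `route` comes from net-tools, which many current distributions no longer install by default, while the script already relies on `ip`; `ip route show default` would remove that dependency. The same line is changed identically in the qemu hook hunk below, and the DNAT rules that consume NIC are in the next hunk.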
@@ -18,7 +18,7 @@
iptables -t nat -C PREROUTING -p tcp -i $NIC --dport $DPORT -j DNAT --to-destination $VMIP:$TOPORT
if [ "$?" -ne 0 ]
then
- iptables -t nat -A PREROUTING -p tcp -i $NIC --dport $DPORT -j DNAT --to-destination $VMIP:$TOPORT
+ iptables -t nat -A PREROUTING -p tcp -i $NIC --dport $DPORT -j DNAT --to-destination $VMIP:$TOPORT
fi
}
diff --git a/files/etc/libvirt/hooks/qemu b/files/etc/libvirt/hooks/qemu
index 903fced..2b059cb 100644
--- a/files/etc/libvirt/hooks/qemu
+++ b/files/etc/libvirt/hooks/qemu
@@ -2,7 +2,7 @@
SHELL="/bin/bash"
-NIC=$( route|grep default|awk '{print$8}' )
+NIC=$( route|grep default|awk '{print $NF}' )
PORTAL=$( dig +short portal.opencloud.us )
NAME="${1}"
@@ -11,25 +11,29 @@
ARGS="${4}"
add_rule() {
- ARGS=$1
- iptables -C FORWARD $ARGS
+ CHAIN=$1
+ ARGS=$2
+ iptables -C $CHAIN $ARGS
if [ "$?" -ne 0 ]
then
- iptables -I FORWARD 1 $ARGS
+ iptables -I $CHAIN 1 $ARGS
fi
}
add_local_access_rules() {
SUBNET=$( ip addr show $NIC|grep "inet "|awk '{print $2}' )
- add_rule "-s $SUBNET -j ACCEPT"
+ PRIVATENET=$( ip addr show virbr0|grep "inet "|awk '{print $2}' )
+ add_rule "FORWARD" "-s $SUBNET -j ACCEPT"
+ # Don't NAT traffic from service VMs destined to the local subnet
+ add_rule "POSTROUTING" "-t nat -s $PRIVATENET -d $SUBNET -j RETURN"
}
add_portal_access_rules() {
- add_rule "-s $PORTAL -j ACCEPT"
+ add_rule "FORWARD" "-s $PORTAL -j ACCEPT"
}
add_web_access_rules() {
- add_rule "-p tcp --dport 80 -j ACCEPT"
+ add_rule "FORWARD" "-p tcp --dport 80 -j ACCEPT"
}
if [ "$OP" = "start" ]
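Review bot: `CHAIN=$1` and `ARGS=$2` in add_rule are not declared local, so each call clobbers the script-level `ARGS="${4}"` set just above the function; the fix is `local CHAIN=$1` and `local ARGS=$2`. The new `PRIVATENET` lookup has the same shape as `SUBNET`: if virbr0 is absent or carries more than one IPv4 address the value is empty or multi-line, and because it is expanded unquoted the resulting `-t nat -s -d ...` command fails and the NAT bypass is silently not installed; a `[ -n "$PRIVATENET" ] || return` before the add_rule calls (or an `exit` after awk) would make that visible. For the POSTROUTING RETURN rule it would help to document next to the existing comment that VMs then reach the local subnet with their private source address, so hosts on that subnet need a route back to PRIVATENET via this machine for those connections to work. The `if` at the end of the hunk continues outside it.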
@@ -37,4 +41,4 @@
add_local_access_rules
add_portal_access_rules
add_web_access_rules
-fi
+fi