|
Last change
on this file since 2890 was
2874,
checked in by broder, 15 years ago
|
|
Cleanup the invirt-web iptables so that what their doing is clearer.
|
|
File size:
682 bytes
|
| Rev | Line | |
|---|
| [1055] | 1 | <% |
|---|
| 2 | |
|---|
| 3 | from invirt.config import structs as cfg |
|---|
| [2874] | 4 | host_port = cfg.vnc.base_port |
|---|
| 5 | server_port = host_port |
|---|
| [1055] | 6 | |
|---|
| 7 | %>\ |
|---|
| 8 | *nat |
|---|
| 9 | :PREROUTING ACCEPT [5:300] |
|---|
| 10 | :POSTROUTING ACCEPT [8:674] |
|---|
| 11 | :OUTPUT ACCEPT [8:674] |
|---|
| 12 | % for h in cfg.hosts: |
|---|
| [2874] | 13 | -A PREROUTING -s ! ${h.ip} -i eth0 -p tcp -m tcp --dport ${server_port} -j DNAT --to-destination ${h.ip}:${host_port} |
|---|
| 14 | -A POSTROUTING -d ${h.ip} -o eth0 -p tcp -m tcp --dport ${host_port} -j SNAT --to-source ${cfg.vnc.proxy_ip} |
|---|
| 15 | <% server_port += 1 %>\ |
|---|
| [1055] | 16 | % endfor |
|---|
| 17 | COMMIT |
|---|
| 18 | |
|---|
| 19 | *filter |
|---|
| 20 | :INPUT ACCEPT [366:44912] |
|---|
| 21 | :FORWARD ACCEPT [0:0] |
|---|
| 22 | :OUTPUT ACCEPT [292:53151] |
|---|
| 23 | % for h in cfg.hosts: |
|---|
| [2874] | 24 | -A FORWARD -d ${h.ip} -i eth0 -o eth0 -p tcp -m tcp --dport ${host_port} -j ACCEPT |
|---|
| [1055] | 25 | % endfor |
|---|
| 26 | COMMIT |
|---|
Note: See
TracBrowser
for help on using the repository browser.
