Last change on this file since 3050 was 2874, checked in by broder, 15 years ago

Clean up the invirt-web iptables so that what they're doing is clearer.

File size: 682 bytes
```
<%

from invirt.config import structs as cfg
# Connections are forwarded to every host on host_port. The externally
# visible port (server_port) starts at the same value and goes up by one
# per host in the loop below.
host_port = cfg.vnc.base_port
server_port = host_port

%>\
*nat
:PREROUTING ACCEPT [5:300]
:POSTROUTING ACCEPT [8:674]
:OUTPUT ACCEPT [8:674]
% for h in cfg.hosts:
## Redirect connections arriving on this host's server_port to the host itself.
-A PREROUTING -s ! ${h.ip} -i eth0 -p tcp -m tcp --dport ${server_port} -j DNAT --to-destination ${h.ip}:${host_port}
## Rewrite the source address of the redirected connection to the proxy IP.
-A POSTROUTING -d ${h.ip} -o eth0 -p tcp -m tcp --dport ${host_port} -j SNAT --to-source ${cfg.vnc.proxy_ip}
<% server_port += 1 %>\
% endfor
COMMIT

*filter
## Every chain policy in this file is ACCEPT, so the FORWARD rules below
## restrict nothing on their own; they matter only if the policy is tightened.
:INPUT ACCEPT [366:44912]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [292:53151]
% for h in cfg.hosts:
## Allow the redirected connections to be forwarded to each host.
-A FORWARD -d ${h.ip} -i eth0 -o eth0 -p tcp -m tcp --dport ${host_port} -j ACCEPT
% endfor
COMMIT
```