Changeset 2874 for trunk/packages/invirt-web/files/etc/invirt-iptables/rules.d/50-invirt-web.mako

Timestamp:

Jan 14, 2010, 2:35:11 PM (14 years ago)

Author:

broder

Message:

Cleanup the invirt-web iptables so that what their doing is clearer.

File:

• trunk/packages/invirt-web/files/etc/invirt-iptables/rules.d/50-invirt-web.mako (modified) (3 diffs)

trunk/packages/invirt-web/files/etc/invirt-iptables/rules.d/50-invirt-web.mako

@@ -2 +2 @@
 
 from invirt.config import structs as cfg
-h_port = cfg.vnc.base_port
-port = cfg.vnc.base_port
+host_port = cfg.vnc.base_port
+server_port = host_port
 
 %>\
@@ -11 +11 @@
 :OUTPUT ACCEPT [8:674]
 % for h in cfg.hosts:
--A PREROUTING -s ! ${h.ip} -i eth0 -p tcp -m tcp --dport ${port} -j DNAT --to-destination ${h.ip}:${h_port}
--A POSTROUTING -d ${h.ip} -o eth0 -p tcp -m tcp --dport ${h_port} -j SNAT --to-source ${cfg.vnc.proxy_ip}
-<% port += 1 %>
+-A PREROUTING -s ! ${h.ip} -i eth0 -p tcp -m tcp --dport ${server_port} -j DNAT --to-destination ${h.ip}:${host_port}
+-A POSTROUTING -d ${h.ip} -o eth0 -p tcp -m tcp --dport ${host_port} -j SNAT --to-source ${cfg.vnc.proxy_ip}
+<% server_port += 1 %>\
 % endfor
 COMMIT
@@ -22 +22 @@
 :OUTPUT ACCEPT [292:53151]
 % for h in cfg.hosts:
--A FORWARD -d ${h.ip} -i eth0 -o eth0 -p tcp -m tcp --dport ${h_port} -j ACCEPT 
+-A FORWARD -d ${h.ip} -i eth0 -o eth0 -p tcp -m tcp --dport ${host_port} -j ACCEPT 
 % endfor
 COMMIT