| author | Jenkins <jenkins@review.openstack.org> | 2012-09-18 16:09:50 +0000 |
|---|---|---|
| committer | Gerrit Code Review <review@openstack.org> | 2012-09-18 16:09:50 +0000 |
| commit | 7281eb059434ea6a94bb0997b12d61cfafbfc1e5 (patch) | |
| tree | ac31ef113cb4f7dad30537915fe5edc681e4aac7 | |
| parent | f615e9c22c4c003ac1cd3d01ec8f7cbabd76b96d (diff) | |
| parent | 959c93f6d3572a189fc3fe73f1811c12323db857 (diff) | |
Merge "Fixes snat rules in complex networking configs"
| -rw-r--r-- | nova/network/l3.py | 6 | ||||
| -rw-r--r-- | nova/network/linux_net.py | 28 |
2 files changed, 20 insertions, 14 deletions
diff --git a/nova/network/l3.py b/nova/network/l3.py
index e098c1e8f..e41e6312f 100644
--- a/nova/network/l3.py
+++ b/nova/network/l3.py
@@ -101,11 +101,13 @@ class LinuxNetL3(L3Driver):
 def add_floating_ip(self, floating_ip, fixed_ip, l3_interface_id):
 linux_net.bind_floating_ip(floating_ip, l3_interface_id)
- linux_net.ensure_floating_forward(floating_ip, fixed_ip)
+ linux_net.ensure_floating_forward(floating_ip, fixed_ip,
+ l3_interface_id)
 def remove_floating_ip(self, floating_ip, fixed_ip, l3_interface_id):
 linux_net.unbind_floating_ip(floating_ip, l3_interface_id)
- linux_net.remove_floating_forward(floating_ip, fixed_ip)
+ linux_net.remove_floating_forward(floating_ip, fixed_ip,
+ l3_interface_id)
 def add_vpn(self, public_ip, port, private_ip):
 linux_net.ensure_vpn_forward(public_ip, port, private_ip)
diff --git a/nova/network/linux_net.py b/nova/network/linux_net.py
index 207c15783..f991b3659 100644
--- a/nova/network/linux_net.py
+++ b/nova/network/linux_net.py
@@ -533,11 +533,13 @@ def metadata_accept():
 def add_snat_rule(ip_range):
- iptables_manager.ipv4['nat'].add_rule('snat',
- '-s %s -j SNAT --to-source %s' %
- (ip_range,
- FLAGS.routing_source_ip))
- iptables_manager.apply()
+ if FLAGS.routing_source_ip:
+ rule = '-s %s -j SNAT --to-source %s' % (ip_range,
+ FLAGS.routing_source_ip)
+ if FLAGS.public_interface:
+ rule += ' -o %s' % FLAGS.public_interface
+ iptables_manager.ipv4['nat'].add_rule('snat', rule)
+ iptables_manager.apply()
 def init_host(ip_range=None):
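Review bot: In add_snat_rule the value of FLAGS.public_interface is appended to the iptables rule text with `' -o %s'` and no check on its content, and floating_forward_rules in the later linux_net.py hunk does the same with `device`. A value carrying whitespace would become additional rule arguments rather than an interface name; where `device` ultimately comes from is not visible in this diff, so it is worth confirming that it is never caller-supplied. A small guard before the append would make the expectation explicit, for example `if any(c.isspace() for c in device): raise ValueError('invalid interface name: %r' % device)`. Separately, an unset routing_source_ip now skips the SNAT rule without any trace, so a comment such as `# No routing_source_ip configured: no snat rule is installed.` would record that this is intended.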
@@ -617,25 +619,27 @@ def ensure_vpn_forward(public_ip, port, private_ip):
 iptables_manager.apply()
-def ensure_floating_forward(floating_ip, fixed_ip):
+def ensure_floating_forward(floating_ip, fixed_ip, device):
 """Ensure floating ip forwarding rule."""
- for chain, rule in floating_forward_rules(floating_ip, fixed_ip):
+ for chain, rule in floating_forward_rules(floating_ip, fixed_ip, device):
 iptables_manager.ipv4['nat'].add_rule(chain, rule)
 iptables_manager.apply()
-def remove_floating_forward(floating_ip, fixed_ip):
+def remove_floating_forward(floating_ip, fixed_ip, device):
 """Remove forwarding for floating ip."""
- for chain, rule in floating_forward_rules(floating_ip, fixed_ip):
+ for chain, rule in floating_forward_rules(floating_ip, fixed_ip, device):
 iptables_manager.ipv4['nat'].remove_rule(chain, rule)
 iptables_manager.apply()
-def floating_forward_rules(floating_ip, fixed_ip):
+def floating_forward_rules(floating_ip, fixed_ip, device):
+ rule = '-s %s -j SNAT --to %s' % (fixed_ip, floating_ip)
+ if device:
+ rule += ' -o %s' % device
 return [('PREROUTING', '-d %s -j DNAT --to %s' % (floating_ip, fixed_ip)),
 ('OUTPUT', '-d %s -j DNAT --to %s' % (floating_ip, fixed_ip)),
- ('float-snat',
- '-s %s -j SNAT --to %s' % (fixed_ip, floating_ip))]
+ ('float-snat', rule)]
 def initialize_gateway_device(dev, network_ref): |
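Review bot: remove_floating_forward regenerates the rule text through floating_forward_rules, and that text now depends on `device`, so removal presumably only finds the float-snat entry when it is called with exactly the interface value used at add time. If a floating IP is disassociated with a different or empty `device`, or the rule was installed before this change without `-o`, the SNAT entry may stay behind and keep rewriting the fixed IP's traffic to an address that could since have been reallocated; whether remove_rule reports a miss is not visible here. floating_forward_rules also has no docstring, and I would add `"""Return (chain, rule) pairs for a floating ip; device must be the same value for add and remove."""` so the coupling is stated where the rule text is built.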
