Yep! Their rules were simpler, and someone pointed the fix out to me ;) I actually gave up on UEC as there were so many issues (at the time anyway!)
Kiall On Oct 10, 2011 2:00 p.m., "Mark McLoughlin" <mar...@redhat.com> wrote: > On Mon, 2011-10-10 at 12:58 +0100, Mark McLoughlin wrote: > > On Mon, 2011-10-10 at 12:29 +0100, Kiall Mac Innes wrote: > > > Hi Mark, > > > > > > That part I understand :) Consider these rules (nabbed from forum > posting > > > here< > http://www.zeroshell.net/eng/forum/viewtopic.php?p=655&sid=76f8a08777176b9f939642734f2b23d0#655 > > > > > ): > > > > > > iptables -t nat -A prerouting_rule -d WAN_IP -p tcp --dport 80 -j DNAT > --to > > > > 192.168.0.10 > > > > iptables -A forwarding_rule -p tcp --dport 80 -d 192.168.0.10 -j > ACCEPT > > > > iptables -t nat -A postrouting_rule -s 192.168.0.0/24 -p tcp --dport > 80 -d > > > > 192.168.0.10 -j MASQUERADE > > > > > > > > > Some pretty "basic" iptables based router distro's like pfSense etc > call > > > this hairpin NAT or NAT reflection.. > > > > Ah, I see - hairpin is basically adding a rule which snats (as well as > > the standard dnat) connections from the private network to the public IP > > > > > And, I'm wondering if a similar technique is possible with the rules > > > OS generates? > > > > It seems perfectly possible to me - you'd need to add something similar > > to that last rule in ensure_floating_forward() in linux_vnet.py > > > > The only tricky bit is that you'll need to pass the fixed IP network's > > cidr down from init_host_floating_ips() - I'm guessing it's available by > > something like floating_ip['fixed_ip']['network']['cidr'] > > > > If you've any trouble getting it working, at least file a bug in > > launchpad - it sounds like a useful feature > > Hah, I see you filed a similar bug against Euca some time ago :) > > https://bugs.launchpad.net/eucalyptus/+bug/676167 > > Cheers, > Mark. > >
_______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
