#!/bin/bash
#   Copyright 2016 Telefónica Investigación y Desarrollo S.A.U.
#
#   Licensed under the Apache License, Version 2.0 (the "License");
#   you may not use this file except in compliance with the License.
#   You may obtain a copy of the License at
#
#       http://www.apache.org/licenses/LICENSE-2.0
#
#   Unless required by applicable law or agreed to in writing, software
#   distributed under the License is distributed on an "AS IS" BASIS,
#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#   See the License for the specific language governing permissions and
#   limitations under the License.

############
# Functions
############
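# Print the command-line help text.
# Arguments: none ($0 is read to show how the script was invoked).
# Outputs:   the help text on stdout.
# Returns:   0, so callers can chain it as "usage && exit 0".
usage(){
    # printf with %s prints $0 literally; "echo -e" would expand any
    # backslash sequence that happens to be part of the invocation path.
    printf 'usage: %s [OPTIONS]\n' "$0"
    printf '%s\n' \
        "Install NAT rules for OSM" \
        "  OPTIONS" \
        "     -u:  UI/SO (rift) IP address" \
        "     -r:  RO (openmano) IP address" \
        "     -v:  VCA (juju) IP address" \
        "     -h:  show this help"
}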

###################
# End of functions
###################

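#Check root privileges
# The effective UID is tested rather than $USER: $USER is an ordinary
# environment variable that can be unset, stale or set by the caller, so it
# does not prove the process can actually write the rules file.
if [ "$(id -u)" -ne 0 ]; then
    echo "Needed root privileges (run with sudo)" >&2
    exit 1
fi

# Locate the devops tree relative to this script. Every expansion is quoted so
# a checkout path containing spaces or glob characters still resolves.
HERE=$(realpath "$(dirname "$0")")
OSM_DEVOPS=$(dirname "$HERE")
OSM_JENKINS="$OSM_DEVOPS/jenkins"
# NOTE(review): the two files sourced below execute with root privileges, so
# the checkout they live in should be writable by root only.
. "$OSM_JENKINS/common/all_funcs"

#Get default IP address
# NOTE(review): export_ips is presumably what defines DEFAULT_IP and the
# *_CONTAINER_IP variables read further down; confirm against that file.
. "$OSM_DEVOPS/installers/export_ips"

# Host-side addresses default to DEFAULT_IP; -u/-r/-v may override them.
UI_IP=$DEFAULT_IP
RO_IP=$DEFAULT_IP
VCA_IP=$DEFAULT_IP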

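#read input options
# The leading ':' in the optstring selects silent error reporting: an unknown
# option arrives as '?' and a missing argument as ':', with the offending
# option letter in OPTARG. The trailing '-:' makes "--word" arrive as option
# '-' with OPTARG=word, which is how --help is recognised.
# NOTE(review): the -u/-r/-v values are stored exactly as given and later
# become part of generated iptables rule text, so they must be plain addresses.
while getopts ":u:r:v:h-:" o; do
    case "${o}" in
        u)
            export UI_IP="$OPTARG"
            ;;
        r)
            export RO_IP="$OPTARG"
            ;;
        v)
            export VCA_IP="$OPTARG"
            ;;
        h)
            usage && exit 0
            ;;
        -)
            [ "${OPTARG}" == "help" ] && usage && exit 0
            # printf '%s' prints the caller-supplied text literally; "echo -e"
            # would interpret backslash sequences embedded in it.
            printf "Invalid option: '--%s'\nTry %s --help for more information\n" "$OPTARG" "$0" >&2
            exit 1
            ;;
        \?)
            printf "Invalid option: '-%s'\nTry %s --help for more information\n" "$OPTARG" "$0" >&2
            exit 1
            ;;
        :)
            printf "Option '-%s' requires an argument\nTry %s --help for more information\n" "$OPTARG" "$0" >&2
            exit 1
            ;;
        *)
            # Not reachable with the optstring above; kept as a safety net.
            # Exit status 1 matches the other error branches ("exit -1" is
            # reported to the caller as 255).
            usage >&2
            exit 1
            ;;
    esac
done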

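#############
# NAT port forwarding configuration
#############
# Rewrites the nat table section of the persistent IPv4 rules file so that it
# holds exactly one "#Autogenerated by nat_osm" block per chain, then reloads
# the rules through netfilter-persistent.
#
# NOTE(review): the generated DNAT rules match only on destination address and
# port, with no source restriction; who may reach the forwarded RO and UI/SO
# ports has to be limited elsewhere (filter table, upstream firewall).
echo
echo "*** Configuring iptables rules ***"

RULES_FILE=/etc/iptables/rules.v4

# These four values are pasted verbatim into generated rule lines, and awk -v
# additionally expands backslash escapes in them. An empty or malformed value
# would produce a rules file that fails to load, and a value containing
# whitespace or "\n" could add rule text of its own, so stop before touching
# the file. VCA_IP and VCA_CONTAINER_IP are not checked because only
# commented-out rules refer to them.
NAT_VALUE_RE='^[0-9A-Za-z][0-9A-Za-z.:/-]*$'
for NAT_VALUE in "$RO_IP" "$UI_IP" "$RO_CONTAINER_IP" "$SO_CONTAINER_IP"; do
    if [[ ! "$NAT_VALUE" =~ $NAT_VALUE_RE ]]; then
        printf "Invalid or empty address '%s': %s left unchanged\n" "$NAT_VALUE" "$RULES_FILE" >&2
        exit 1
    fi
done

# The scratch file is created by mktemp next to the rules file instead of
# under a fixed name in the current directory: a predictable name written by
# root can be pre-created (for example as a symlink) in a shared directory,
# and staying in the same directory keeps the final mv a plain rename.
RULES_TMP=$(mktemp "${RULES_FILE}.XXXXXX") || exit 1

awk -v RO_IP="$RO_IP" -v VCA_IP="$VCA_IP" -v UI_IP="$UI_IP" -v openmano_ip="$RO_CONTAINER_IP" -v rift_ip="$SO_CONTAINER_IP" -v juju_ip="$VCA_CONTAINER_IP" '
# Print the managed PREROUTING block: RO port 9090 goes to the openmano
# container, the UI/SO ports go to the rift container.
function emit_prerouting() {
    print "#Autogenerated by nat_osm"
    print "-A PREROUTING -d "RO_IP" -p tcp -m tcp --dport 9090 -j DNAT --to-destination "openmano_ip
    print "-A PREROUTING -d "UI_IP" -p tcp -m tcp --dport 8000 -j DNAT --to-destination "rift_ip
    print "-A PREROUTING -d "UI_IP" -p tcp -m tcp --dport 8443 -j DNAT --to-destination "rift_ip
    print "-A PREROUTING -d "UI_IP" -p tcp -m tcp --dport 8008 -j DNAT --to-destination "rift_ip
    print "-A PREROUTING -d "UI_IP" -p tcp -m tcp --dport 8009 -j DNAT --to-destination "rift_ip
    print "-A PREROUTING -d "UI_IP" -p tcp -m tcp --dport 80 -j DNAT --to-destination "rift_ip
    #print "-A PREROUTING -d "VCA_IP" -p tcp -m tcp --dport 443 -j DNAT --to-destination "juju_ip
    #print "-A PREROUTING -d "VCA_IP" -p tcp -m tcp --dport 17070 -j DNAT --to-destination "juju_ip
    print "#End autogeneration by nat_osm"
}
# Print the managed POSTROUTING block.
# NOTE(review): the /24 suffix assumes the rift container sits on a /24
# network; confirm against the container bridge configuration.
function emit_postrouting() {
    print "#Autogenerated by nat_osm"
    print "-A POSTROUTING -s "rift_ip"/24 -d "rift_ip" -p tcp --dport 8443 -j MASQUERADE"
    #print "-A POSTROUTING -s "rift_ip" -p tcp -m tcp --dport 9090 -d "openmano_ip" -j SNAT --to "UI_IP
    #print "-A POSTROUTING -s "rift_ip" -p tcp -m tcp --dport 17070 -d "juju_ip" -j SNAT --to "UI_IP
    print "#End autogeneration by nat_osm"
}
BEGIN {innat=0; innatpre=0; osmpre=0; donepre=0; innatpost=0; osmpost=0; donepost=0}
# Start of the nat table section.
/^\*nat/ {
    innat=1;
    print;
    next
}
# PREROUTING chain declaration: from here until the :INPUT declaration an
# existing managed block is looked for.
innat==1 && /:PREROUTING/ {
    innatpre=1;
    print;
    next;
}
# Opening marker of an existing managed block: drop it and everything up to
# the closing marker.
innatpre==1 && /#Autogenerated by nat_osm/ {
    osmpre=1;
    next;
}
# Closing marker: emit the fresh block in place of the old one.
osmpre==1 && /#End autogeneration by nat_osm/ {
    emit_prerouting();
    osmpre=0;
    donepre=1;
    next;
}
osmpre==1 {next;}
# :INPUT declaration reached: if no managed block was replaced, insert one
# just before this line.
innatpre==1 && /:INPUT/ {
    innatpre=0;
    if (donepre==0) {
        emit_prerouting();
        donepre=1;
    }
    print;
    next;
}

# Same procedure for POSTROUTING, with COMMIT as the fallback insertion point.
innat==1 && /:POSTROUTING/ {
    innatpost=1;
    print;
    next;
}
innatpost==1 && /#Autogenerated by nat_osm/ {
    osmpost=1;
    next;
}
osmpost==1 && /#End autogeneration by nat_osm/ {
    emit_postrouting();
    osmpost=0;
    donepost=1;
    next;
}
osmpost==1 {next;}
innatpost==1 && /COMMIT/ {
    innatpost=0;
    innat=0;
    if (donepost==0) {
        emit_postrouting();
        donepost=1;
    }
    print;
    next;
}
# Every other line is copied through unchanged.
{
    print
}
' "$RULES_FILE" > "$RULES_TMP" \
    && chmod --reference="$RULES_FILE" "$RULES_TMP" \
    && mv -- "$RULES_TMP" "$RULES_FILE" \
    || {
        # Any failed step leaves the live rules file as it was.
        rm -f -- "$RULES_TMP"
        printf 'Could not rewrite %s\n' "$RULES_FILE" >&2
        exit 1
    }

service netfilter-persistent restart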