New NAT rules to allow UI access from local browser

Change-Id: Ieadec2fee2e17b5307c14212a109f51fa368fb24 Signed-off-by: garciadeblas <gerardo.garciadeblas@telefonica.com>

New NAT rules to allow UI access from local browser
Change-Id: Ieadec2fee2e17b5307c14212a109f51fa368fb24 Signed-off-by: garciadeblas <gerardo.garciadeblas@telefonica.com>
6264e9b2 · garciadeblas · 3f761ada · 6264e9b2
Commit 6264e9b2 authored 7 years ago by garciadeblas
--- a/installers/nat_osm
+++ b/installers/nat_osm
@@ -87,7 +87,7 @@ echo
 echo "*** Configuring iptables rules ***"

 awk -v RO_IP="$RO_IP" -v VCA_IP="$VCA_IP" -v UI_IP="$UI_IP" -v openmano_ip="$RO_CONTAINER_IP" -v rift_ip="$SO_CONTAINER_IP" -v juju_ip="$VCA_CONTAINER_IP" '
-BEGIN {innat=0; innatpre=0; osmpre=0; donepre=0; innatpost=0; osmpost=0; donepost=0}
+BEGIN {innat=0; innatpre=0; osmpre=0; donepre=0; innatpost=0; osmpost=0; donepost=0; innatoutput=0; osmoutput=0; doneoutput=0;}
 /^\*nat/ {
    innat=1;
    print;
@@ -137,6 +137,39 @@ innatpre==1 && /\:INPUT/ {
    next;
 }

+innat==1 && /\:OUTPUT/ {
+    innatoutput=1;
+    print;
+    next;
+}
+innatoutput==1 && /\#Autogenerated by nat_osm/ {
+    osmoutput=1;
+    next;
+}
+osmoutput==1 && /#End autogeneration by nat_osm/ {
+    print "#Autogenerated by nat_osm"
+    print "-A OUTPUT -p tcp -o lo --dport 8009 -j DNAT --to "rift_ip":8009"
+    print "-A OUTPUT -p tcp -o lo --dport 8443 -j DNAT --to "rift_ip":8443"
+    print "#End autogeneration by nat_osm"
+    osmoutput=0;
+    doneoutput=1;
+    next;
+}
+osmoutput==1 {next;}
+innatoutput==1 && /\:POSTROUTING/ {
+    innatoutput=0;
+    if (doneoutput==0) {
+        print "#Autogenerated by nat_osm"
+        print "-A OUTPUT -p tcp -o lo --dport 8009 -j DNAT --to "rift_ip":8009"
+        print "-A OUTPUT -p tcp -o lo --dport 8443 -j DNAT --to "rift_ip":8443"
+        print "#End autogeneration by nat_osm"
+        doneoutput=1;
+    }
+    innatpost=1;
+    print;
+    next;
+}
+
 innat==1 && /\:POSTROUTING/ {
    innatpost=1;
    print;
@@ -149,6 +182,8 @@ innatpost==1 && /\#Autogenerated by nat_osm/ {
 osmpost==1 && /#End autogeneration by nat_osm/ {
    print "#Autogenerated by nat_osm"
    print "-A POSTROUTING -s "rift_ip"/24 -d "rift_ip" -p tcp --dport 8443 -j MASQUERADE"
+    print "-A POSTROUTING -s "UI_IP"/32 -d "rift_ip" -p tcp --dport 8009 -j MASQUERADE"
+    print "-A POSTROUTING -s "UI_IP"/32 -d "rift_ip" -p tcp --dport 8443 -j MASQUERADE"
    #print "-A POSTROUTING -s "rift_ip" -p tcp -m tcp --dport 9090 -d "openmano_ip" -j SNAT --to "UI_IP
    #print "-A POSTROUTING -s "rift_ip" -p tcp -m tcp --dport 17070 -d "juju_ip" -j SNAT --to "UI_IP
    print "#End autogeneration by nat_osm"
@@ -163,6 +198,8 @@ innatpost==1 && /COMMIT/ {
    if (donepost==0) {
        print "#Autogenerated by nat_osm"
        print "-A POSTROUTING -s "rift_ip"/24 -d "rift_ip" -p tcp --dport 8443 -j MASQUERADE"
+        print "-A POSTROUTING -s "UI_IP"/32 -d "rift_ip" -p tcp --dport 8009 -j MASQUERADE"
+        print "-A POSTROUTING -s "UI_IP"/32 -d "rift_ip" -p tcp --dport 8443 -j MASQUERADE"
        #print "-A POSTROUTING -s "rift_ip" -p tcp -m tcp --dport 9090 -d "openmano_ip" -j SNAT --to "UI_IP
        #print "-A POSTROUTING -s "rift_ip" -p tcp -m tcp --dport 17070 -d "juju_ip" -j SNAT --to "UI_IP
        print "#End autogeneration by nat_osm"