2 # Copyright 2016 Telefónica Investigación y Desarrollo S.A.U.
4 # Licensed under the Apache License, Version 2.0 (the "License");
5 # you may not use this file except in compliance with the License.
6 # You may obtain a copy of the License at
8 # http://www.apache.org/licenses/LICENSE-2.0
10 # Unless required by applicable law or agreed to in writing, software
11 # distributed under the License is distributed on an "AS IS" BASIS,
12 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 # See the License for the specific language governing permissions and
14 # limitations under the License.
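#######################################
# Print the command-line help for this installer.
# The listing had lost the function wrapper and carried line-number residue
# in front of every echo, so the help text was not callable. The option parser
# invokes `usage && exit 0` for --help, so the text lives in a function that
# returns success.
# Outputs: help text on stdout
# Returns: 0
#######################################
usage() {
  cat <<EOF
usage: $0 [OPTIONS]
Install NAT rules for OSM
 -u: UI/SO (rift) IP address
 -r: RO (openmano) IP address
 -v: VCA (juju) IP address
 -m: MON IP address
 -h: show this help
EOF
}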
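# Check root privileges.
# Test the effective UID instead of $USER: $USER is an ordinary environment
# variable set by the caller, so it can be wrong in both directions (a
# non-root user can set USER=root, and a root shell obtained without a login
# environment may still carry the original user name).
if [ "$(id -u)" -ne 0 ]; then
  echo "Needed root privileges (run with sudo)" >&2
  exit 1
fi

# Locate the devops checkout relative to this script. Every expansion is
# quoted so that a checkout path containing spaces or glob characters is not
# word-split.
HERE=$(realpath "$(dirname "$0")")
OSM_DEVOPS=$(dirname "$HERE")
OSM_JENKINS="$OSM_DEVOPS/jenkins"

# NOTE(review): the two files below are sourced with root privileges from a
# path derived from $0, so the checkout must be writable only by trusted
# users; anything placed in these files runs as root.
. "$OSM_JENKINS/common/all_funcs"

# Get default IP address
. "$OSM_DEVOPS/installers/export_ips"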
# Parse the command-line options with getopts.
# The leading ':' in the optstring selects silent error reporting, so the
# script prints its own messages for an unknown option and for a missing
# argument. The trailing "-:" makes a long option arrive as option '-' with
# the rest in OPTARG, which is how --help is recognised below.
# NOTE(review): the case labels, the ';;' terminators and the end of the loop
# are not visible in this listing; presumably the three exports are the
# -u, -r and -v branches - confirm against the full file.
# NOTE(review): the optstring has no "m:" although the help text advertises
# -m and the awk call further down passes MON_IP; as written, -m would fall
# into the invalid-option branch.
# NOTE(review): the option values are exported as given and later printed
# into iptables rule lines; rejecting anything that is not a plain IPv4
# address here would keep malformed input out of /etc/iptables/rules.v4.
51 while getopts ":u:r:v:h-:" o; do
54 export UI_IP="$OPTARG"
57 export RO_IP="$OPTARG"
60 export VCA_IP="$OPTARG"
66 [ "${OPTARG}" == "help" ] && usage && exit 0
67 echo -e "Invalid option: '--$OPTARG'\nTry $0 --help for more information" >&2
71 echo -e "Invalid option: '-$OPTARG'\nTry $0 --help for more information" >&2
75 echo -e "Option '-$OPTARG' requires an argument\nTry $0 --help for more information" >&2
86 # NAT port forwarding configuration
# Rewrites the nat table in /etc/iptables/rules.v4 with awk and then restarts
# netfilter-persistent. The awk program prints blocks bracketed by the
# "#Autogenerated by nat_osm" / "#End autogeneration by nat_osm" markers:
#   - PREROUTING DNAT: RO_IP port 9090 to openmano_ip, and UI_IP ports 8000,
#     8443, 8008, 8009 and 80 to rift_ip (the juju rules are commented out)
#   - OUTPUT DNAT on the loopback interface for ports 8009 and 8443 to rift_ip
#   - POSTROUTING MASQUERADE towards rift_ip on ports 8443 and 8009
# Each chain has one pattern keyed on the existing markers and one keyed on
# the following chain header or COMMIT; presumably the first replaces an
# existing block and the second inserts one when none exists - the action
# bodies are not fully visible in this listing, confirm against the full file.
#
# NOTE(review): the listing still contains the tail of an unresolved merge
# conflict (the ">>>>>>> MON Installation Changes Updated." line) and two
# alternative awk invocations. One declares the OUTPUT-chain state variables
# (innatoutput, osmoutput, doneoutput); the other passes MON_IP. Only one can
# remain, and no rule visible here uses MON_IP.
# NOTE(review): the DNAT rules match on destination address and port only,
# with no source restriction, so the forwarded container ports are reachable
# from every network that can reach RO_IP / UI_IP. Add a source match or
# filter-table rules if the host faces untrusted networks.
# NOTE(review): the IP values are concatenated into rule lines unvalidated,
# and awk -v also interprets backslash escapes in them; validate them as
# IPv4 addresses before this point.
# NOTE(review): the first POSTROUTING rule uses rift_ip with a /24 mask as
# the source; presumably the container subnet is meant - confirm.
# NOTE(review): the result is written to testfile.tmp, a fixed relative name
# in whatever directory the script was started from, while running as root.
# A file created with mktemp next to rules.v4 avoids a pre-created file or
# symlink in a shared directory and keeps the mv a same-filesystem rename.
# The new rules file is also loaded without a syntax check; running
# iptables-restore --test on it before the restart would catch a broken file.
89 echo "*** Configuring iptables rules ***"
92 awk -v RO_IP="$RO_IP" -v VCA_IP="$VCA_IP" -v UI_IP="$UI_IP" -v openmano_ip="$RO_CONTAINER_IP" -v rift_ip="$SO_CONTAINER_IP" -v juju_ip="$VCA_CONTAINER_IP" '
93 BEGIN {innat=0; innatpre=0; osmpre=0; donepre=0; innatpost=0; osmpost=0; donepost=0; innatoutput=0; osmoutput=0; doneoutput=0;}
95 awk -v RO_IP="$RO_IP" -v VCA_IP="$VCA_IP" -v UI_IP="$UI_IP" -v openmano_ip="$RO_CONTAINER_IP" -v MON_IP="$MON_IP" -v rift_ip="$SO_CONTAINER_IP" -v juju_ip="$VCA_CONTAINER_IP" '
96 BEGIN {innat=0; innatpre=0; osmpre=0; donepre=0; innatpost=0; osmpost=0; donepost=0}
97 >>>>>>> MON Installation Changes Updated.
103 innat==1 && /\:PREROUTING/ {
108 innatpre==1 && /\#Autogenerated by nat_osm/ {
112 osmpre==1 && /#End autogeneration by nat_osm/ {
113 print "#Autogenerated by nat_osm"
114 print "-A PREROUTING -d "RO_IP" -p tcp -m tcp --dport 9090 -j DNAT --to-destination "openmano_ip
115 print "-A PREROUTING -d "UI_IP" -p tcp -m tcp --dport 8000 -j DNAT --to-destination "rift_ip
116 print "-A PREROUTING -d "UI_IP" -p tcp -m tcp --dport 8443 -j DNAT --to-destination "rift_ip
117 print "-A PREROUTING -d "UI_IP" -p tcp -m tcp --dport 8008 -j DNAT --to-destination "rift_ip
118 print "-A PREROUTING -d "UI_IP" -p tcp -m tcp --dport 8009 -j DNAT --to-destination "rift_ip
119 print "-A PREROUTING -d "UI_IP" -p tcp -m tcp --dport 80 -j DNAT --to-destination "rift_ip
120 #print "-A PREROUTING -d "VCA_IP" -p tcp -m tcp --dport 443 -j DNAT --to-destination "juju_ip
121 #print "-A PREROUTING -d "VCA_IP" -p tcp -m tcp --dport 17070 -j DNAT --to-destination "juju_ip
122 print "#End autogeneration by nat_osm"
128 innatpre==1 && /\:INPUT/ {
131 print "#Autogenerated by nat_osm"
132 print "-A PREROUTING -d "RO_IP" -p tcp -m tcp --dport 9090 -j DNAT --to-destination "openmano_ip
133 print "-A PREROUTING -d "UI_IP" -p tcp -m tcp --dport 8000 -j DNAT --to-destination "rift_ip
134 print "-A PREROUTING -d "UI_IP" -p tcp -m tcp --dport 8443 -j DNAT --to-destination "rift_ip
135 print "-A PREROUTING -d "UI_IP" -p tcp -m tcp --dport 8008 -j DNAT --to-destination "rift_ip
136 print "-A PREROUTING -d "UI_IP" -p tcp -m tcp --dport 8009 -j DNAT --to-destination "rift_ip
137 print "-A PREROUTING -d "UI_IP" -p tcp -m tcp --dport 80 -j DNAT --to-destination "rift_ip
138 #print "-A PREROUTING -d "VCA_IP" -p tcp -m tcp --dport 443 -j DNAT --to-destination "juju_ip
139 #print "-A PREROUTING -d "VCA_IP" -p tcp -m tcp --dport 17070 -j DNAT --to-destination "juju_ip
140 print "#End autogeneration by nat_osm"
147 innat==1 && /\:OUTPUT/ {
152 innatoutput==1 && /\#Autogenerated by nat_osm/ {
156 osmoutput==1 && /#End autogeneration by nat_osm/ {
157 print "#Autogenerated by nat_osm"
158 print "-A OUTPUT -p tcp -o lo --dport 8009 -j DNAT --to "rift_ip":8009"
159 print "-A OUTPUT -p tcp -o lo --dport 8443 -j DNAT --to "rift_ip":8443"
160 print "#End autogeneration by nat_osm"
166 innatoutput==1 && /\:POSTROUTING/ {
169 print "#Autogenerated by nat_osm"
170 print "-A OUTPUT -p tcp -o lo --dport 8009 -j DNAT --to "rift_ip":8009"
171 print "-A OUTPUT -p tcp -o lo --dport 8443 -j DNAT --to "rift_ip":8443"
172 print "#End autogeneration by nat_osm"
180 innat==1 && /\:POSTROUTING/ {
185 innatpost==1 && /\#Autogenerated by nat_osm/ {
189 osmpost==1 && /#End autogeneration by nat_osm/ {
190 print "#Autogenerated by nat_osm"
191 print "-A POSTROUTING -s "rift_ip"/24 -d "rift_ip" -p tcp --dport 8443 -j MASQUERADE"
192 print "-A POSTROUTING -s "UI_IP"/32 -d "rift_ip" -p tcp --dport 8009 -j MASQUERADE"
193 print "-A POSTROUTING -s "UI_IP"/32 -d "rift_ip" -p tcp --dport 8443 -j MASQUERADE"
194 #print "-A POSTROUTING -s "rift_ip" -p tcp -m tcp --dport 9090 -d "openmano_ip" -j SNAT --to "UI_IP
195 #print "-A POSTROUTING -s "rift_ip" -p tcp -m tcp --dport 17070 -d "juju_ip" -j SNAT --to "UI_IP
196 print "#End autogeneration by nat_osm"
202 innatpost==1 && /COMMIT/ {
206 print "#Autogenerated by nat_osm"
207 print "-A POSTROUTING -s "rift_ip"/24 -d "rift_ip" -p tcp --dport 8443 -j MASQUERADE"
208 print "-A POSTROUTING -s "UI_IP"/32 -d "rift_ip" -p tcp --dport 8009 -j MASQUERADE"
209 print "-A POSTROUTING -s "UI_IP"/32 -d "rift_ip" -p tcp --dport 8443 -j MASQUERADE"
210 #print "-A POSTROUTING -s "rift_ip" -p tcp -m tcp --dport 9090 -d "openmano_ip" -j SNAT --to "UI_IP
211 #print "-A POSTROUTING -s "rift_ip" -p tcp -m tcp --dport 17070 -d "juju_ip" -j SNAT --to "UI_IP
212 print "#End autogeneration by nat_osm"
221 ' /etc/iptables/rules.v4 > testfile.tmp && mv testfile.tmp /etc/iptables/rules.v4
223 service netfilter-persistent restart