+#!/bin/bash
+# Copyright 2016 Telefónica Investigación y Desarrollo S.A.U.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+############
+# Functions
+############
+usage(){
+ echo -e "usage: $0 [OPTIONS]"
+ echo -e "Install NAT rules for OSM"
+ echo -e " OPTIONS"
+ echo -e " -u: UI/SO (rift) IP address"
+ echo -e " -r: RO (openmano) IP address"
+ echo -e " -v: VCA (juju) IP address"
+ echo -e " -h: show this help"
+}
+
+###################
+# End of functions
+###################
+
+#Check root privileges
+[ "$USER" != "root" ] && echo "Needed root privileges (run with sudo)" >&2 && exit 1
+
+HERE=$(realpath $(dirname $0))
+OSM_DEVOPS=$(dirname $HERE)
+. $OSM_DEVOPS/jenkins/common/all_funcs
+
+#Get default IP address
+. $OSM_DEVOPS/installers/export_ips
+
+UI_IP=$DEFAULT_IP
+RO_IP=$DEFAULT_IP
+VCA_IP=$DEFAULT_IP
+
+#read input options
+while getopts ":u:r:v:h-:" o; do
+ case "${o}" in
+ u)
+ export UI_IP="$OPTARG"
+ ;;
+ r)
+ export RO_IP="$OPTARG"
+ ;;
+ v)
+ export VCA_IP="$OPTARG"
+ ;;
+ h)
+ usage && exit 0
+ ;;
+ -)
+ [ "${OPTARG}" == "help" ] && usage && exit 0
+ echo -e "Invalid option: '--$OPTARG'\nTry $0 --help for more information" >&2
+ exit 1
+ ;;
+ \?)
+ echo -e "Invalid option: '-$OPTARG'\nTry $0 --help for more information" >&2
+ exit 1
+ ;;
+ :)
+ echo -e "Option '-$OPTARG' requires an argument\nTry $0 --help for more information" >&2
+ exit 1
+ ;;
+ *)
+ usage >&2
+ exit -1
+ ;;
+ esac
+done
+
+#############
+# NAT port forwarding configuration
+#############
+echo
+echo "*** Configuring iptables rules ***"
+
+awk -v RO_IP="$RO_IP" -v VCA_IP="$VCA_IP" -v UI_IP="$UI_IP" -v openmano_ip="$RO_CONTAINER_IP" -v rift_ip="$SO_CONTAINER_IP" -v juju_ip="$VCA_CONTAINER_IP" '
+BEGIN {innat=0; innatpre=0; osmpre=0; donepre=0; innatpost=0; osmpost=0; donepost=0}
+/^\*nat/ {
+ innat=1;
+ print;
+ next
+}
+innat==1 && /\:PREROUTING/ {
+ innatpre=1;
+ print;
+ next;
+}
+innatpre==1 && /\#Autogenerated by nat_osm/ {
+ osmpre=1;
+ next;
+}
+osmpre==1 && /#End autogeneration by nat_osm/ {
+ print "#Autogenerated by nat_osm"
+ print "-A PREROUTING -d "RO_IP" -p tcp -m tcp --dport 9090 -j DNAT --to-destination "openmano_ip
+ print "-A PREROUTING -d "UI_IP" -p tcp -m tcp --dport 8000 -j DNAT --to-destination "rift_ip
+ print "-A PREROUTING -d "UI_IP" -p tcp -m tcp --dport 4567 -j DNAT --to-destination "rift_ip
+ print "-A PREROUTING -d "UI_IP" -p tcp -m tcp --dport 8443 -j DNAT --to-destination "rift_ip
+ #print "-A PREROUTING -d "VCA_IP" -p tcp -m tcp --dport 443 -j DNAT --to-destination "juju_ip
+ #print "-A PREROUTING -d "VCA_IP" -p tcp -m tcp --dport 17070 -j DNAT --to-destination "juju_ip
+ print "#End autogeneration by nat_osm"
+ osmpre=0;
+ donepre=1;
+ next;
+}
+osmpre==1 {next;}
+innatpre==1 && /\:INPUT/ {
+ innatpre=0;
+ if (donepre==0) {
+ print "#Autogenerated by nat_osm"
+ print "-A PREROUTING -d "RO_IP" -p tcp -m tcp --dport 9090 -j DNAT --to-destination "openmano_ip
+ print "-A PREROUTING -d "UI_IP" -p tcp -m tcp --dport 8000 -j DNAT --to-destination "rift_ip
+ print "-A PREROUTING -d "UI_IP" -p tcp -m tcp --dport 4567 -j DNAT --to-destination "rift_ip
+ print "-A PREROUTING -d "UI_IP" -p tcp -m tcp --dport 8443 -j DNAT --to-destination "rift_ip
+ #print "-A PREROUTING -d "VCA_IP" -p tcp -m tcp --dport 443 -j DNAT --to-destination "juju_ip
+ #print "-A PREROUTING -d "VCA_IP" -p tcp -m tcp --dport 17070 -j DNAT --to-destination "juju_ip
+ print "#End autogeneration by nat_osm"
+ donepre=1;
+ }
+ print;
+ next;
+}
+
+innat==1 && /\:POSTROUTING/ {
+ innatpost=1;
+ print;
+ next;
+}
+innatpost==1 && /\#Autogenerated by nat_osm/ {
+ osmpost=1;
+ next;
+}
+osmpost==1 && /#End autogeneration by nat_osm/ {
+ #print "#Autogenerated by nat_osm"
+ #print "-A POSTROUTING -s "rift_ip" -p tcp -m tcp --dport 9090 -d "openmano_ip" -j SNAT --to "UI_IP
+ #print "-A POSTROUTING -s "rift_ip" -p tcp -m tcp --dport 17070 -d "juju_ip" -j SNAT --to "UI_IP
+ #print "#End autogeneration by nat_osm"
+ osmpost=0;
+ donepost=1;
+ next;
+}
+osmpost==1 {next;}
+innatpost==1 && /COMMIT/ {
+ innatpost=0;
+ innat=0;
+ if (donepost==0) {
+ #print "#Autogenerated by nat_osm"
+ #print "-A POSTROUTING -s "rift_ip" -p tcp -m tcp --dport 9090 -d "openmano_ip" -j SNAT --to "UI_IP
+ #print "-A POSTROUTING -s "rift_ip" -p tcp -m tcp --dport 17070 -d "juju_ip" -j SNAT --to "UI_IP
+ #print "#End autogeneration by nat_osm"
+ donepost=1;
+ }
+ print;
+ next;
+}
+{
+ print
+}
+' /etc/iptables/rules.v4 > testfile.tmp && mv testfile.tmp /etc/iptables/rules.v4
+
+service netfilter-persistent restart
+
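Review bot: The rewrite of `/etc/iptables/rules.v4` at the end of the script goes through a fixed-name `testfile.tmp` in whatever directory the script is started from, as root, and the result is moved into place without being checked. A file or symlink of that name already present in a shared working directory would be written through. The `-u`/`-r` arguments and the container addresses (presumably set by `export_ips`) are also pasted into rule lines unvalidated, so an empty or malformed value yields a ruleset that `netfilter-persistent restart` may fail to load. I would validate the addresses, create the temporary file with `mktemp` next to the target, and run `iptables-restore --test` on it before the `mv`, as sketched below. Separately, the root check on `$USER` trusts an environment variable; `[ "$(id -u)" -ne 0 ]` tests the effective UID instead.

```shell
# Reject empty or non-IPv4 values before they are written into rule lines.
for ip in "$RO_IP" "$UI_IP" "$RO_CONTAINER_IP" "$SO_CONTAINER_IP"; do
  if ! [[ "$ip" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]]; then
    echo "Invalid IP address: '$ip'" >&2
    exit 1
  fi
done

RULES=/etc/iptables/rules.v4
# Unpredictable name, created 0600, on the same filesystem as the target.
TMP_RULES=$(mktemp "${RULES}.XXXXXX") || exit 1
trap 'rm -f -- "$TMP_RULES"' EXIT

# … unchanged: awk -v … invocation and its program, up to the closing quote …
' "$RULES" > "$TMP_RULES" || exit 1

# Parse the candidate ruleset without committing it; keep the old file on failure.
if ! iptables-restore --test < "$TMP_RULES"; then
  echo "Generated ruleset failed validation; $RULES left unchanged" >&2
  exit 1
fi
mv -- "$TMP_RULES" "$RULES"
```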