From: David Garcia <david.garcia@canonical.com>
Date: Wed, 11 Dec 2019 11:22:35 +0000 (+0100)
Subject: Fix iptables rules
X-Git-Tag: v7.0.0~1
X-Git-Url: https://osm.etsi.org/gitweb/?a=commitdiff_plain;h=refs%2Fchanges%2F78%2F8378%2F3;p=osm%2Fdevops.git

Fix iptables rules

Change-Id: I105d2cca2083362f99293308a7290681f1bfd6f9
Signed-off-by: David Garcia <david.garcia@canonical.com>
---

diff --git a/installers/full_install_osm.sh b/installers/full_install_osm.sh
index b88fc47f..b4d56854 100755
--- a/installers/full_install_osm.sh
+++ b/installers/full_install_osm.sh
@@ -139,8 +139,15 @@ function remove_iptables() {
         [ -z "$OSM_VCA_HOST" ] && FATAL "Cannot obtain juju controller IP address"
     fi
 
-    if sudo iptables -t nat -C PREROUTING -p tcp -m tcp --dport 17070 -j DNAT --to-destination $OSM_VCA_HOST; then
-        sudo iptables -t nat -D PREROUTING -p tcp -m tcp --dport 17070 -j DNAT --to-destination $OSM_VCA_HOST
+    if [ -z "$DEFAULT_IP" ]; then
+        DEFAULT_IF=`route -n |awk '$1~/^0.0.0.0/ {print $8}'`
+        [ -z "$DEFAULT_IF" ] && FATAL "Not possible to determine the interface with the default route 0.0.0.0"
+        DEFAULT_IP=`ip -o -4 a |grep ${DEFAULT_IF}|awk '{split($4,a,"/"); print a[1]}'`
+        [ -z "$DEFAULT_IP" ] && FATAL "Not possible to determine the IP address of the interface with the default route"
+    fi
+
+    if sudo iptables -t nat -C PREROUTING -p tcp -m tcp -d $DEFAULT_IP --dport 17070 -j DNAT --to-destination $OSM_VCA_HOST; then
+        sudo iptables -t nat -D PREROUTING -p tcp -m tcp -d $DEFAULT_IP --dport 17070 -j DNAT --to-destination $OSM_VCA_HOST
         sudo netfilter-persistent save
     fi
 }
@@ -722,8 +729,8 @@ function juju_createproxy() {
     dpkg -l iptables-persistent &>/dev/null || ! echo -e "    Not installed.\nInstalling iptables-persistent requires root privileges" || \
     sudo apt-get -yq install iptables-persistent
 
-    if ! sudo iptables -t nat -C PREROUTING -p tcp -m tcp --dport 17070 -j DNAT --to-destination $OSM_VCA_HOST; then
-        sudo iptables -t nat -A PREROUTING -p tcp -m tcp --dport 17070 -j DNAT --to-destination $OSM_VCA_HOST
+    if ! sudo iptables -t nat -C PREROUTING -p tcp -m tcp -d $DEFAULT_IP --dport 17070 -j DNAT --to-destination $OSM_VCA_HOST; then
+        sudo iptables -t nat -A PREROUTING -p tcp -m tcp -d $DEFAULT_IP --dport 17070 -j DNAT --to-destination $OSM_VCA_HOST
         sudo netfilter-persistent save
     fi
 }