From 26432d4fc3f1439bda59c40c8c6648182598cf5e Mon Sep 17 00:00:00 2001 From: David Garcia Date: Wed, 11 Dec 2019 12:22:35 +0100 Subject: [PATCH] Fix iptables rules Change-Id: I105d2cca2083362f99293308a7290681f1bfd6f9 Signed-off-by: David Garcia --- installers/full_install_osm.sh | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/installers/full_install_osm.sh b/installers/full_install_osm.sh index b88fc47f..b4d56854 100755 --- a/installers/full_install_osm.sh +++ b/installers/full_install_osm.sh @@ -139,8 +139,15 @@ function remove_iptables() { [ -z "$OSM_VCA_HOST" ] && FATAL "Cannot obtain juju controller IP address" fi - if sudo iptables -t nat -C PREROUTING -p tcp -m tcp --dport 17070 -j DNAT --to-destination $OSM_VCA_HOST; then - sudo iptables -t nat -D PREROUTING -p tcp -m tcp --dport 17070 -j DNAT --to-destination $OSM_VCA_HOST + if [ -z "$DEFAULT_IP" ]; then + DEFAULT_IF=`route -n |awk '$1~/^0.0.0.0/ {print $8}'` + [ -z "$DEFAULT_IF" ] && FATAL "Not possible to determine the interface with the default route 0.0.0.0" + DEFAULT_IP=`ip -o -4 a |grep ${DEFAULT_IF}|awk '{split($4,a,"/"); print a[1]}'` + [ -z "$DEFAULT_IP" ] && FATAL "Not possible to determine the IP address of the interface with the default route" + fi + + if sudo iptables -t nat -C PREROUTING -p tcp -m tcp -d $DEFAULT_IP --dport 17070 -j DNAT --to-destination $OSM_VCA_HOST; then + sudo iptables -t nat -D PREROUTING -p tcp -m tcp -d $DEFAULT_IP --dport 17070 -j DNAT --to-destination $OSM_VCA_HOST sudo netfilter-persistent save fi } @@ -722,8 +729,8 @@ function juju_createproxy() { dpkg -l iptables-persistent &>/dev/null || ! echo -e " Not installed.\nInstalling iptables-persistent requires root privileges" || \ sudo apt-get -yq install iptables-persistent - if ! sudo iptables -t nat -C PREROUTING -p tcp -m tcp --dport 17070 -j DNAT --to-destination $OSM_VCA_HOST; then - sudo iptables -t nat -A PREROUTING -p tcp -m tcp --dport 17070 -j DNAT --to-destination $OSM_VCA_HOST + if ! sudo iptables -t nat -C PREROUTING -p tcp -m tcp -d $DEFAULT_IP --dport 17070 -j DNAT --to-destination $OSM_VCA_HOST; then + sudo iptables -t nat -A PREROUTING -p tcp -m tcp -d $DEFAULT_IP --dport 17070 -j DNAT --to-destination $OSM_VCA_HOST sudo netfilter-persistent save fi } -- 2.25.1