From 6264e9b24bbe0714f556d1696e7cb6ccb53e5f35 Mon Sep 17 00:00:00 2001
From: garciadeblas
Date: Thu, 15 Mar 2018 09:40:51 +0100
Subject: [PATCH] New NAT rules to allow UI access from local browser

Change-Id: Ieadec2fee2e17b5307c14212a109f51fa368fb24
Signed-off-by: garciadeblas
---
 installers/nat_osm | 39 ++++++++++++++++++++++++++++++++++++++-
 1 file changed, 38 insertions(+), 1 deletion(-)

diff --git a/installers/nat_osm b/installers/nat_osm
index 466855d2..eb6a18f9 100755
--- a/installers/nat_osm
+++ b/installers/nat_osm
@@ -87,7 +87,7 @@ echo
 echo "*** Configuring iptables rules ***"
 awk -v RO_IP="$RO_IP" -v VCA_IP="$VCA_IP" -v UI_IP="$UI_IP" -v openmano_ip="$RO_CONTAINER_IP" -v rift_ip="$SO_CONTAINER_IP" -v juju_ip="$VCA_CONTAINER_IP" '
-BEGIN {innat=0; innatpre=0; osmpre=0; donepre=0; innatpost=0; osmpost=0; donepost=0}
+BEGIN {innat=0; innatpre=0; osmpre=0; donepre=0; innatpost=0; osmpost=0; donepost=0; innatoutput=0; osmoutput=0; doneoutput=0;}
 /^\*nat/ {
 innat=1;
 print;
@@ -137,6 +137,39 @@ innatpre==1 && /\:INPUT/ {
 next;
 }
+innat==1 && /\:OUTPUT/ {
+ innatoutput=1;
+ print;
+ next;
+}
+innatoutput==1 && /\#Autogenerated by nat_osm/ {
+ osmoutput=1;
+ next;
+}
+osmoutput==1 && /#End autogeneration by nat_osm/ {
+ print "#Autogenerated by nat_osm"
+ print "-A OUTPUT -p tcp -o lo --dport 8009 -j DNAT --to "rift_ip":8009"
+ print "-A OUTPUT -p tcp -o lo --dport 8443 -j DNAT --to "rift_ip":8443"
+ print "#End autogeneration by nat_osm"
+ osmoutput=0;
+ doneoutput=1;
+ next;
+}
+osmoutput==1 {next;}
+innatoutput==1 && /\:POSTROUTING/ {
+ innatoutput=0;
+ if (doneoutput==0) {
+ print "#Autogenerated by nat_osm"
+ print "-A OUTPUT -p tcp -o lo --dport 8009 -j DNAT --to "rift_ip":8009"
+ print "-A OUTPUT -p tcp -o lo --dport 8443 -j DNAT --to "rift_ip":8443"
+ print "#End autogeneration by nat_osm"
+ doneoutput=1;
+ }
+ innatpost=1;
+ print;
+ next;
+}
+
 innat==1 && /\:POSTROUTING/ {
 innatpost=1;
 print;
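Review bot: The two `-A OUTPUT -p tcp -o lo --dport ... -j DNAT` rules in the new OUTPUT block match only on port and loopback interface, so any locally generated TCP connection to port 8009 or 8443 that leaves through `lo` is rewritten to the SO container, including one aimed at an unrelated service listening on the host on either port. The POSTROUTING rules added later in this patch assume the source is `UI_IP`, so the match can probably be narrowed to that destination, e.g. `print "-A OUTPUT -d "UI_IP"/32 -p tcp -o lo --dport 8443 -j DNAT --to "rift_ip":8443"` and the same for 8009, in both places where the block is printed. If access through 127.0.0.1 is also intended, that should be a separate explicit rule rather than an open match. The awk program these rules belong to starts and ends outside the hunk.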
@@ -149,6 +182,8 @@ innatpost==1 && /\#Autogenerated by nat_osm/ {
 osmpost==1 && /#End autogeneration by nat_osm/ {
 print "#Autogenerated by nat_osm"
 print "-A POSTROUTING -s "rift_ip"/24 -d "rift_ip" -p tcp --dport 8443 -j MASQUERADE"
+ print "-A POSTROUTING -s "UI_IP"/32 -d "rift_ip" -p tcp --dport 8009 -j MASQUERADE"
+ print "-A POSTROUTING -s "UI_IP"/32 -d "rift_ip" -p tcp --dport 8443 -j MASQUERADE"
 #print "-A POSTROUTING -s "rift_ip" -p tcp -m tcp --dport 9090 -d "openmano_ip" -j SNAT --to "UI_IP
 #print "-A POSTROUTING -s "rift_ip" -p tcp -m tcp --dport 17070 -d "juju_ip" -j SNAT --to "UI_IP
 print "#End autogeneration by nat_osm"
@@ -163,6 +198,8 @@ innatpost==1 && /COMMIT/ {
 if (donepost==0) {
 print "#Autogenerated by nat_osm"
 print "-A POSTROUTING -s "rift_ip"/24 -d "rift_ip" -p tcp --dport 8443 -j MASQUERADE"
+ print "-A POSTROUTING -s "UI_IP"/32 -d "rift_ip" -p tcp --dport 8009 -j MASQUERADE"
+ print "-A POSTROUTING -s "UI_IP"/32 -d "rift_ip" -p tcp --dport 8443 -j MASQUERADE"
 #print "-A POSTROUTING -s "rift_ip" -p tcp -m tcp --dport 9090 -d "openmano_ip" -j SNAT --to "UI_IP
 #print "-A POSTROUTING -s "rift_ip" -p tcp -m tcp --dport 17070 -d "juju_ip" -j SNAT --to "UI_IP
 print "#End autogeneration by nat_osm"
-- 
2.25.1
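Review bot: The two `UI_IP` MASQUERADE lines are added twice, once in the `osmpost==1` end-marker branch here and once in the `donepost==0` branch of the next hunk (`@@ -163,6 +198,8 @@`), and the OUTPUT block in the earlier hunk follows the same copy-paste pattern. With firewall rules kept in two copies, a later tightening applied to one branch leaves the other emitting the old rule, depending on whether the rules file already carried the nat_osm markers. Moving each block into an awk function (for example `function print_osm_postrouting()`) that both branches call would keep one authoritative list. A short comment above it saying why host-originated traffic to ports 8009 and 8443 is masqueraded would also help. Both enclosing awk rules start or end outside the hunks.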