@@ -662,6 +662,20 @@ def process(self):
662662 elif rule ["type" ] == "staticnat" :
663663 self .processStaticNatRule (rule )
664664
665+ #return the VR guest interface ipo
666+ def getGuestIp (self ):
667+ ipr = []
668+ ipAddr = None
669+ for ip in self .config .address ().get_ips ():
670+ if ip .is_guest ():
671+ ipr .append (ip )
672+ if len (ipr ) > 0 :
673+ ipAddr = sorted (ipr )[- 1 ]
674+ if ipAddr :
675+ return ipAddr .get_ip ()
676+
677+ return None
678+
665679 def getDeviceByIp (self , ipa ):
666680 for ip in self .config .address ().get_ips ():
667681 if ip .ip_in_subnet (ipa ):
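Review bot: getGuestIp() returns None when no address passes is_guest(), and both new callers (the fw4 string in forward_vr and the hairpin POSTROUTING rule in processStaticNatRule) format the result with %s, so the generated rule would read `--to-source None`. Callers should fetch the value once and skip or log the rule when it is missing, for example `guest_ip = self.getGuestIp()` followed by `if guest_ip is None: return`. `sorted(ipr)[-1]` also relies on the address objects defining an ordering, which this hunk does not show, so the selection rule should be stated in the comment. The comment itself has a typo (`ipo`) and could read `# Return the IP of the VR guest interface, or None if no guest address is configured`.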
@@ -725,7 +739,7 @@ def forward_vr(self, rule):
725739 )
726740 fw4 = "-j SNAT --to-source %s -A POSTROUTING -s %s -d %s/32 -o %s -p %s -m %s --dport %s" % \
727741 (
728- self .getGatewayByIp ( rule [ 'internal_ip' ] ),
742+ self .getGuestIp ( ),
729743 self .getNetworkByIp (rule ['internal_ip' ]),
730744 rule ['internal_ip' ],
731745 self .getDeviceByIp (rule ['internal_ip' ]),
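Review bot: The SNAT source in fw4 no longer depends on the rule: getGuestIp() takes no argument, while the `-s` network and `-o` device in the same string are still looked up from rule['internal_ip']. On a router with more than one guest address it returns the last entry of the sorted list, which may sit on a different network than the internal IP; whether that can happen in this deployment is not visible here. If it can, pick the guest address on the same subnet, for example by filtering on `ip.is_guest() and ip.ip_in_subnet(rule['internal_ip'])`. forward_vr begins and ends outside the hunk.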
@@ -809,6 +823,14 @@ def processStaticNatRule(self, rule):
809823 "-A POSTROUTING -o %s -s %s/32 -j SNAT --to-source %s" % (device , rule ["internal_ip" ], rule ["public_ip" ])])
810824 self .fw .append (["nat" , "front" ,
811825 "-A OUTPUT -d %s/32 -j DNAT --to-destination %s" % (rule ["public_ip" ], rule ["internal_ip" ])])
826+ self .fw .append (["filter" , "" ,
827+ "-A FORWARD -i %s -o eth0 -d %s -m state --state NEW -j ACCEPT " % (device , rule ["internal_ip" ])])
828+
829+ #configure the hairpin nat
830+ self .fw .append (["nat" , "front" ,
831+ "-A PREROUTING -d %s -i eth0 -j DNAT --to-destination %s" % (rule ["public_ip" ], rule ["internal_ip" ])])
832+
833+ self .fw .append (["nat" , "front" , "-A POSTROUTING -s %s -d %s -j SNAT -o eth0 --to-source %s" % (self .getNetworkByIp (rule ['internal_ip' ]),rule ["internal_ip" ], self .getGuestIp ())])
812834
813835
814836def main (argv ):
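Review bot: The added FORWARD rule accepts every NEW connection from `device` (presumably the public interface) to rule["internal_ip"] with no protocol or port match, so enabling static NAT would expose all ports of the guest unless a rule earlier in the chain filters the traffic; the chain order is not visible in this hunk. If per-port firewall rules are meant to gate inbound traffic, this ACCEPT should be narrowed or left to them, and the intent should be stated in a comment. The three new rules also hard-code `eth0`, whereas forward_vr resolves the interface with `self.getDeviceByIp(rule['internal_ip'])`; using the same lookup here would keep the two paths consistent. The FORWARD string also ends with a stray space after `ACCEPT`, which could matter if rule strings are compared for duplicates.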