Fix NAT to reference correct interfaces
This moves the NAT commands from terraform to setup.sh.

Signed-off-by: Nahum Shalman <nshalman@equinix.com>
parent
5347fe6da7
commit
4d13239d77
@ -71,12 +71,9 @@ resource "null_resource" "tink_directory" {
|
|||||||
destination = "/root/tink"
|
destination = "/root/tink"
|
||||||
}
|
}
|
||||||
|
|
||||||
provisioner "remote-exec" {
|
provisioner "file" {
|
||||||
inline = [
|
source = "nat_interface"
|
||||||
"iptables -A FORWARD -i eth1 -o bond0 -j ACCEPT",
|
destination = "/root/tink/.nat_interface"
|
||||||
"iptables -A FORWARD -i bond0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT",
|
|
||||||
"iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE",
|
|
||||||
]
|
|
||||||
}
|
}
|
||||||
|
|
||||||
provisioner "remote-exec" {
|
provisioner "remote-exec" {
|
||||||
|
1
deploy/terraform/nat_interface
Normal file
1
deploy/terraform/nat_interface
Normal file
@ -0,0 +1 @@
|
|||||||
|
bond0
|
11
setup.sh
11
setup.sh
@ -110,6 +110,17 @@ setup_networking() (
|
|||||||
else
|
else
|
||||||
echo "$ERR tinkerbell network interface configuration failed"
|
echo "$ERR tinkerbell network interface configuration failed"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if [ -r .nat_interface ]; then
|
||||||
|
NAT_INTERFACE=$(cat .nat_interface)
|
||||||
|
fi
|
||||||
|
if [ -n "$NAT_INTERFACE" ] && ip addr show "$NAT_INTERFACE" &>/dev/null; then
|
||||||
|
# TODO(nshalman) the terraform code would just run these commands as-is once
|
||||||
|
# but it would be nice to make these more persistent based on OS
|
||||||
|
iptables -A FORWARD -i "$TINKERBELL_NETWORK_INTERFACE" -o "$NAT_INTERFACE" -j ACCEPT
|
||||||
|
iptables -A FORWARD -i "$NAT_INTERFACE" -o "$TINKERBELL_NETWORK_INTERFACE" -m state --state ESTABLISHED,RELATED -j ACCEPT
|
||||||
|
iptables -t nat -A POSTROUTING -o "$NAT_INTERFACE" -j MASQUERADE
|
||||||
|
fi
|
||||||
)
|
)
|
||||||
|
|
||||||
setup_networking_manually() (
|
setup_networking_manually() (
|
||||||
|
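Review bot: The three `iptables -A` calls added at the end of `setup_networking` append unconditionally, so every re-run of setup.sh stacks another copy of the FORWARD and MASQUERADE rules. Guarding each one with a check keeps the step idempotent, e.g. `iptables -t nat -C POSTROUTING -o "$NAT_INTERFACE" -j MASQUERADE 2>/dev/null || iptables -t nat -A POSTROUTING -o "$NAT_INTERFACE" -j MASQUERADE`. The block is also silent when `.nat_interface` names an interface that `ip addr show` cannot find, so NAT is skipped with no message; an `else` branch printing a `$ERR` line, as the branch just above does, would surface that. `.nat_interface` is read relative to the current directory while the Terraform hunk writes it to `/root/tink/.nat_interface`, so this presumably relies on setup.sh being run from `/root/tink`. The body of `setup_networking` starts outside the hunk.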