Fix NAT to reference correct interfaces
This moves the NAT commands from terraform to setup.sh Signed-off-by: Nahum Shalman <nshalman@equinix.com>
This commit is contained in:
parent
5347fe6da7
commit
4d13239d77
@ -71,12 +71,9 @@ resource "null_resource" "tink_directory" {
|
||||
destination = "/root/tink"
|
||||
}
|
||||
|
||||
provisioner "remote-exec" {
|
||||
inline = [
|
||||
"iptables -A FORWARD -i eth1 -o bond0 -j ACCEPT",
|
||||
"iptables -A FORWARD -i bond0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT",
|
||||
"iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE",
|
||||
]
|
||||
provisioner "file" {
|
||||
source = "nat_interface"
|
||||
destination = "/root/tink/.nat_interface"
|
||||
}
|
||||
|
||||
provisioner "remote-exec" {
|
||||
|
1
deploy/terraform/nat_interface
Normal file
1
deploy/terraform/nat_interface
Normal file
@ -0,0 +1 @@
|
||||
bond0
|
11
setup.sh
11
setup.sh
@ -110,6 +110,17 @@ setup_networking() (
|
||||
else
|
||||
echo "$ERR tinkerbell network interface configuration failed"
|
||||
fi
|
||||
|
||||
if [ -r .nat_interface ]; then
|
||||
NAT_INTERFACE=$(cat .nat_interface)
|
||||
fi
|
||||
if [ -n "$NAT_INTERFACE" ] && ip addr show "$NAT_INTERFACE" &>/dev/null; then
|
||||
# TODO(nshalman) the terraform code would just run these commands as-is once
|
||||
# but it would be nice to make these more persistent based on OS
|
||||
iptables -A FORWARD -i "$TINKERBELL_NETWORK_INTERFACE" -o "$NAT_INTERFACE" -j ACCEPT
|
||||
iptables -A FORWARD -i "$NAT_INTERFACE" -o "$TINKERBELL_NETWORK_INTERFACE" -m state --state ESTABLISHED,RELATED -j ACCEPT
|
||||
iptables -t nat -A POSTROUTING -o "$NAT_INTERFACE" -j MASQUERADE
|
||||
fi
|
||||
)
|
||||
|
||||
setup_networking_manually() (
|
||||
|
Loading…
Reference in New Issue
Block a user