diff options
| author | Simon Rettberg | 2014-02-17 14:00:53 +0100 |
|---|---|---|
| committer | Simon Rettberg | 2014-02-17 14:00:53 +0100 |
| commit | d12d3c9fce7d931bb6beff555f526c530c4fa383 (patch) | |
| tree | 24106200a879ab87787cd44ffa04df9c141e9555 /remote/modules/redsocks | |
| parent | [iptables-helper] Put everything in a dedicated chain so we don't interfere w... (diff) | |
| download | tm-scripts-d12d3c9fce7d931bb6beff555f526c530c4fa383.tar.gz tm-scripts-d12d3c9fce7d931bb6beff555f526c530c4fa383.tar.xz tm-scripts-d12d3c9fce7d931bb6beff555f526c530c4fa383.zip | |
[redsocks] Tweaked iptables rules so we don't interfere with openstack
Diffstat (limited to 'remote/modules/redsocks')
| -rwxr-xr-x | remote/modules/redsocks/data/opt/openslx/scripts/systemd-setup_proxy | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/remote/modules/redsocks/data/opt/openslx/scripts/systemd-setup_proxy b/remote/modules/redsocks/data/opt/openslx/scripts/systemd-setup_proxy index 94cb7688..adbaf827 100755 --- a/remote/modules/redsocks/data/opt/openslx/scripts/systemd-setup_proxy +++ b/remote/modules/redsocks/data/opt/openslx/scripts/systemd-setup_proxy @@ -33,7 +33,8 @@ cat > "/opt/openslx/iptables/rules.d/10-redoscks-proxy" <<HEREDOCBROWN #!/bin/ash . /opt/openslx/config -iptables -t nat -N REDSOCKS +iptables -t nat -N REDSOCKS 2>/dev/null +iptables -t nat -F REDSOCKS iptables -t nat -A REDSOCKS -d "\$SLX_PROXY_IP" -j RETURN iptables -t nat -A REDSOCKS -d 0.0.0.0/8 -j RETURN iptables -t nat -A REDSOCKS -d 10.0.0.0/8 -j RETURN @@ -49,9 +50,9 @@ if [ -n "\$SLX_PROXY_BLACKLIST" ]; then done fi iptables -t nat -A REDSOCKS -p tcp -j REDIRECT --to-port 12345 -iptables -t nat -A PREROUTING -p tcp -j REDSOCKS -iptables -t nat -A OUTPUT -p tcp -j REDSOCKS -iptables -t nat -A POSTROUTING -o br0 -j MASQUERADE +iptables -t nat -A PREROUTING -i nat1 -p tcp -j REDSOCKS +iptables -t nat -A OUTPUT -o br0 -p tcp -j REDSOCKS +#iptables -t nat -A POSTROUTING -o br0 -j MASQUERADE iptables -A INPUT -i br0 -p tcp --dport 12345 -j DROP HEREDOCBROWN chmod +x "/opt/openslx/iptables/rules.d/10-redoscks-proxy" |