Commit cc1d620c authored by Leigh B Stoller's avatar Leigh B Stoller

Do not NAT traffic to jail network.

parent fb60d0db
......@@ -56,6 +56,7 @@ use libsetup;
use libtmcc;
use libutil;
use libtestbed;
use libgenvnode;
#
# Configure.
......@@ -104,6 +105,8 @@ chomp($cnet_mask);
chomp($cnet_gw);
my $network = inet_ntoa(inet_aton($cnet_ip) & inet_aton($cnet_mask));
my ($jail_network,$jail_netmask) = findVirtControlNet();
# Each container gets a tmcc proxy running on another port.
my $local_tmcd_port = $TMCD_PORT + $vmid;
......@@ -207,6 +210,14 @@ sub Online()
return -1
if ($?);
#
# Ditto for the jail network.
#
mysystem2("$IPTABLES -t nat -A POSTROUTING -j ACCEPT " .
" -s $vnode_ip -d $jail_network/$jail_netmask");
return -1
if ($?);
#
# Otherwise, setup NAT so that traffic leaving the vnode on its
# control net IP, that has been routed out the phys host's
......@@ -254,6 +265,9 @@ sub Offline()
" -o $bridge");
}
mysystem2("$IPTABLES -t nat -D POSTROUTING -j ACCEPT " .
" -s $vnode_ip -d $jail_network/$jail_netmask");
mysystem2("$IPTABLES -t nat -D POSTROUTING -j ACCEPT " .
" -s $vnode_ip -d $network/$cnet_mask");
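Review bot: The jail network and netmask returned by findVirtControlNet() are interpolated into the iptables command strings in Online() and Offline() with no check that they are defined and well-formed. If the lookup returns nothing, the Online() rule ends in `-d /`, which iptables should reject, so the vnode fails to come up with only the iptables error to explain why; a guard right after the assignment, such as `die("Could not determine jail network\n") if (!defined($jail_network) || !defined($jail_netmask));`, would make that failure explicit. Separately, when the new rule fails in Online(), `return -1` leaves the ACCEPT rule added just above it installed, so that rule is leaked unless the caller always runs Offline() after a failed Online(). Both subs begin and end outside the visible hunks, so existing cleanup elsewhere may already cover the second point.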
......