authorMartin Kulhavy <martin.kulhavy@nokia.com>2017-08-28 12:53:17 +0300
committerMartin Kulhavy <martin.kulhavy@nokia.com>2017-08-28 14:14:43 +0300
commitb2ebcd65ca4125b960bac2a02f5bbd0bcdcfac76 (patch)
tree3d010e86071a1ca04b0f4718f91d7a2550fcc436 /labconfig/nokia/pod1/setup_ip_forwarding.sh
parentfd8bd0c1beb084655a06a2cc5409fde190951e8a (diff)
Add Nokia pod 1 deployment config and details
Change-Id: Iafc0172dea008611a3251ee8adfe56218e4c32b1 Signed-off-by: Martin Kulhavy <martin.kulhavy@nokia.com>
Diffstat (limited to 'labconfig/nokia/pod1/setup_ip_forwarding.sh')
-rw-r--r--labconfig/nokia/pod1/setup_ip_forwarding.sh56
1 files changed, 56 insertions, 0 deletions
diff --git a/labconfig/nokia/pod1/setup_ip_forwarding.sh b/labconfig/nokia/pod1/setup_ip_forwarding.sh
new file mode 100644
index 00000000..1c703ece
--- /dev/null
+++ b/labconfig/nokia/pod1/setup_ip_forwarding.sh
@@ -0,0 +1,56 @@
+#!/bin/bash
+##############################################################################
+# Copyright (c) 2017 Nokia and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+#
+# Small tool to setup IP forwarding if you need Internet connectivity on both
+# bridges but only one of the interfaces actually has the outside connectivity.
+# Based on a script provided by Canonical
+#
+
+# Internal bridge
+internal="brAdmin"
+# External bridge with Internet connectivity
+external="brExt"
+
+set -ex
+
+if [ "$(id -u)" != "0" ]; then
+ echo "Must be run with sudo or by root"
+ exit 77
+fi
+
+# Enable IP forwarding and save for next boot
+echo 1 > /proc/sys/net/ipv4/ip_forward
+echo "net.ipv4.ip_forward=1" > /etc/sysctl.d/10-maas-ip-forward.conf
+sysctl --system
+
+# Note that this script assumes no existing iptables rules.
+# If you do have any, they will be deleted.
+iptables -v --flush
+iptables -v --table nat --flush
+iptables -v --delete-chain
+iptables -v --table nat --delete-chain
+
+# Some things use the MAAS proxy - some things don't. So turn on NAT.
+echo "Setting up ip forwarding"
+iptables -v -t nat -A POSTROUTING -o $external -j MASQUERADE
+iptables -v -A FORWARD -i $external -o $internal -m state --state RELATED,ESTABLISHED -j ACCEPT
+iptables -v -A FORWARD -i $internal -o $external -j ACCEPT
+
+# Make the rules persistent (otherwise it's reset after next boot)
+apt-get install netfilter-persistent
+
+# sudo is needed here even when the script is called with sudo,
+# otherwise the output is empty
+mkdir -p /etc/iptables
+sudo iptables-save > /etc/iptables/rules.v4
+echo "Saved iptables rules:"
+cat /etc/iptables/rules.v4
+
+service netfilter-persistent restart
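Review bot: The FORWARD chain is flushed by `iptables -v --flush`, but its policy is never set, and a flush does not change chain policies. With the usual default policy of ACCEPT, the two `-A FORWARD ... -j ACCEPT` rules therefore restrict nothing: once `ip_forward` is 1 the host also forwards new connections arriving on `$external` towards `$internal`, not only RELATED,ESTABLISHED replies. If only internally initiated traffic is meant to pass, add `iptables -v --policy FORWARD DROP` after the flush lines and before the ACCEPT rules; any other bridge on the host that relies on forwarding would then need its own rule. Separately, `apt-get install netfilter-persistent` has no `-y` and may stop at a confirmation prompt in an unattended run. It is also worth confirming that the plugin which reloads `/etc/iptables/rules.v4` at boot (on Ubuntu normally shipped in `iptables-persistent`) is installed, otherwise the saved rules may not be restored.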