authorMicah Anderson <micah@leap.se>2014-11-20 13:13:55 -0500
committerMicah Anderson <micah@leap.se>2014-11-20 13:13:55 -0500
commite334f10447303209ac3802436437670f45511603 (patch)
treedaeb240e17e381570e63f47557fdec3485de19da
parentbe18ba31fadd2e587672adc44175dd106187ceba (diff)
specify the destination IP for DNAT rules for gateway addresses on port 443 (#6388)
Previously the DNAT rule would redirect the incoming port 443 requests to openvpn, which was the wrong thing to do on the primary IP (but the right thing to do on the openvpn gateway IPs). This manifested in the webapp not being available when it was also configured as a service on the node. Change-Id: Ic8c6b6c0389859fab168a7df687351e11263277a
-rw-r--r--puppet/modules/site_shorewall/manifests/dnat_rule.pp4
1 files changed, 4 insertions, 0 deletions
diff --git a/puppet/modules/site_shorewall/manifests/dnat_rule.pp b/puppet/modules/site_shorewall/manifests/dnat_rule.pp
index 49b929f2..f9fbe950 100644
--- a/puppet/modules/site_shorewall/manifests/dnat_rule.pp
+++ b/puppet/modules/site_shorewall/manifests/dnat_rule.pp
@@ -10,6 +10,7 @@ define site_shorewall::dnat_rule {
destination => "\$FW:${site_openvpn::unlimited_gateway_address}:1194",
proto => 'tcp',
destinationport => $port,
+ originaldest => $site_openvpn::unlimited_gateway_address,
order => 100;
}
shorewall::rule {
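Review bot: The new `originaldest` line in this TCP rule, and the matching one in the UDP rule of the next hunk, has no comment saying why the match is restricted. A later cleanup could drop it and reintroduce the redirect of port 443 on the primary IP. I would put a comment above the parameter, for example `# originaldest restricts the DNAT to the gateway IP; without it, port 443 on the primary IP is redirected to openvpn too`. The `define` starts above this hunk, so an existing header comment may already cover it.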
@@ -19,6 +20,7 @@ define site_shorewall::dnat_rule {
destination => "\$FW:${site_openvpn::unlimited_gateway_address}:1194",
proto => 'udp',
destinationport => $port,
+ originaldest => $site_openvpn::unlimited_gateway_address,
order => 100;
}
}
@@ -30,6 +32,7 @@ define site_shorewall::dnat_rule {
destination => "\$FW:${site_openvpn::limited_gateway_address}:1194",
proto => 'tcp',
destinationport => $port,
+ originaldest => $site_openvpn::unlimited_gateway_address,
order => 100;
}
shorewall::rule {
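Review bot: The `originaldest` added to the limited-gateway TCP rule in this hunk is `$site_openvpn::unlimited_gateway_address`, while the same rule's `destination` forwards to `${site_openvpn::limited_gateway_address}:1194`. The UDP rule in the next hunk has the same mismatch. As written, connections arriving on the limited gateway IP would no longer match these DNAT rules, and traffic addressed to the unlimited IP would match a rule that forwards to the limited instance, which looks like a copy/paste slip. Both lines should probably read `originaldest => $site_openvpn::limited_gateway_address,`. The enclosing block starts outside the hunk, so the condition guarding the limited rules is not visible here.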
@@ -39,6 +42,7 @@ define site_shorewall::dnat_rule {
destination => "\$FW:${site_openvpn::limited_gateway_address}:1194",
proto => 'udp',
destinationport => $port,
+ originaldest => $site_openvpn::unlimited_gateway_address,
order => 100;
}
}