authorMicah Anderson <micah@leap.se>2014-11-20 13:13:55 -0500
committerMicah Anderson <micah@leap.se>2014-11-20 13:13:55 -0500
commite334f10447303209ac3802436437670f45511603 (patch)
treedaeb240e17e381570e63f47557fdec3485de19da /puppet
parentbe18ba31fadd2e587672adc44175dd106187ceba (diff)
specify the destination IP for DNAT rules for gateway addresses on port 443 (#6388)
Previously the DNAT rule would redirect the incoming port 443 requests to openvpn, which was the wrong thing to do on the primary IP (but the right thing to do on the openvpn gateway IPs). This manifested in the webapp not being available when it was also configured as a service on the node. Change-Id: Ic8c6b6c0389859fab168a7df687351e11263277a
Diffstat (limited to 'puppet')
-rw-r--r--puppet/modules/site_shorewall/manifests/dnat_rule.pp4
1 files changed, 4 insertions, 0 deletions
diff --git a/puppet/modules/site_shorewall/manifests/dnat_rule.pp b/puppet/modules/site_shorewall/manifests/dnat_rule.pp
index 49b929f2..f9fbe950 100644
--- a/puppet/modules/site_shorewall/manifests/dnat_rule.pp
+++ b/puppet/modules/site_shorewall/manifests/dnat_rule.pp
@@ -10,6 +10,7 @@ define site_shorewall::dnat_rule {
destination => "\$FW:${site_openvpn::unlimited_gateway_address}:1194",
proto => 'tcp',
destinationport => $port,
+ originaldest => $site_openvpn::unlimited_gateway_address,
order => 100;
}
shorewall::rule {
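Review bot: The added `originaldest` line in this tcp rule has no comment explaining why the match is restricted, even though that restriction is what keeps port 443 on the primary IP from being redirected to openvpn. A one-line comment above it would protect it from a later cleanup, for example `# DNAT only traffic addressed to the gateway IP; the primary IP may serve the webapp on this port`. The same applies to the udp rule in the next hunk. Whether `$site_openvpn::unlimited_gateway_address` is guaranteed to be non-empty here is not visible, since the define starts outside the hunk; if it can be empty, the rule would presumably fall back to matching every destination address.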
@@ -19,6 +20,7 @@ define site_shorewall::dnat_rule {
destination => "\$FW:${site_openvpn::unlimited_gateway_address}:1194",
proto => 'udp',
destinationport => $port,
+ originaldest => $site_openvpn::unlimited_gateway_address,
order => 100;
}
}
@@ -30,6 +32,7 @@ define site_shorewall::dnat_rule {
destination => "\$FW:${site_openvpn::limited_gateway_address}:1194",
proto => 'tcp',
destinationport => $port,
+ originaldest => $site_openvpn::unlimited_gateway_address,
order => 100;
}
shorewall::rule {
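Review bot: The limited-gateway tcp rule in this hunk sets `originaldest => $site_openvpn::unlimited_gateway_address` while its `destination` redirects to `${site_openvpn::limited_gateway_address}:1194`, which looks like a copy-paste from the unlimited rules; the udp rule in the following hunk has the same line. If so, traffic addressed to the limited gateway IP would match no DNAT rule. Traffic addressed to the unlimited IP would match both rule sets at `order => 100`, so which openvpn instance receives it would depend on rule ordering, weakening the limited/unlimited separation. Both lines should probably read `originaldest => $site_openvpn::limited_gateway_address,`. The conditionals that select these rules lie outside the hunks, so confirm against the full define.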
@@ -39,6 +42,7 @@ define site_shorewall::dnat_rule {
destination => "\$FW:${site_openvpn::limited_gateway_address}:1194",
proto => 'udp',
destinationport => $port,
+ originaldest => $site_openvpn::unlimited_gateway_address,
order => 100;
}
}