some iptables rules doubles on master node
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Fuel for OpenStack |
Confirmed
|
High
|
Matthew Mosesohn |
Bug Description
{"build_id": "2014-07-
"ostf_sha": "9863db951a6e15
"build_number": "320",
"auth_required": false,
"api": "1.0",
"nailgun_sha": "902cbb4ac4995a
"production": "docker",
"fuelmain_sha": "d12f4ac69a6299
"astute_sha": "18a6861ecf96e2
"feature_groups": ["mirantis"],
"release": "5.1",
"fuellib_sha": "b2caaea7b0a39f
1. Create new environment (CentOS, simple mode)
2. Add controller, compute, cinder
3. Start deployment. It was successful
4. Reboot master node
Expect:
IPtables rules will stay intouched
Actual result:
some of iptables rules is doubled.
out from master node:
[root@nailgun ~]# iptables-save
# Generated by iptables-save v1.4.7 on Wed Jul 16 09:25:29 2014
*mangle
:PREROUTING ACCEPT [119801:21754006]
:INPUT ACCEPT [76590:7759719]
:FORWARD ACCEPT [43089:13959492]
:OUTPUT ACCEPT [93735:569578157]
:POSTROUTING ACCEPT [136822:583537473]
COMMIT
# Completed on Wed Jul 16 09:25:29 2014
# Generated by iptables-save v1.4.7 on Wed Jul 16 09:25:29 2014
*filter
:INPUT ACCEPT [1:240]
:FORWARD ACCEPT [1:328]
:OUTPUT ACCEPT [93697:569572627]
-A INPUT -m comment --comment "002 accept related established rules" -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m multiport --ports 22 -m comment --comment "005 ssh" -j ACCEPT
-A INPUT -i eth0 -p tcp -m multiport --ports 123 -m comment --comment "006 ntp" -j ACCEPT
-A INPUT -i eth0 -p udp -m multiport --ports 123 -m comment --comment "007 ntp_udp" -j ACCEPT
-A INPUT -p udp -m multiport --ports 162 -m comment --comment "008 snmp" -j ACCEPT
-A INPUT -p tcp -m multiport --ports 8000 -m comment --comment "009 nailgun_web" -j ACCEPT
-A INPUT -i docker0 -p tcp -m multiport --ports 8001 -m comment --comment "010 nailgun_internal" -j ACCEPT
-A INPUT -p tcp -m multiport --ports 8001 -m addrtype --src-type LOCAL -m comment --comment "011 nailgun_
-A INPUT -p tcp -m multiport --ports 8001 -m comment --comment "012 nailgun_
-A INPUT -p tcp -m multiport --ports 5432 -m addrtype --src-type LOCAL -m comment --comment "013 postgres_local" -j ACCEPT
-A INPUT -i docker0 -p tcp -m multiport --ports 5432 -m comment --comment "014 postgres" -j ACCEPT
-A INPUT -p tcp -m multiport --ports 5432 -m comment --comment "015 postgres_block_ext" -j REJECT --reject-with icmp-port-
-A INPUT -i eth0 -p tcp -m multiport --ports 8777 -m comment --comment "020 ostf_admin" -j ACCEPT
-A INPUT -p tcp -m multiport --ports 8777 -m addrtype --src-type LOCAL -m comment --comment "021 ostf_local" -j ACCEPT
-A INPUT -p tcp -m multiport --ports 8777 -m comment --comment "022 ostf_block_ext" -j REJECT --reject-with icmp-port-
-A INPUT -p tcp -m multiport --ports 873 -m comment --comment "023 rsync" -j ACCEPT
-A INPUT -i eth0 -p tcp -m multiport --ports 873 -m comment --comment "024 rsyslog" -j ACCEPT
-A INPUT -i eth0 -p tcp -m multiport --ports 4369,5672,
-A INPUT -p tcp -m multiport --ports 4369,5672,
-A INPUT -p tcp -m multiport --ports 4369,5672,
-A INPUT -p tcp -m multiport --ports 53 -m comment --comment "101 dns_tcp" -j ACCEPT
-A INPUT -p udp -m multiport --ports 53 -m comment --comment "102 dns_udp" -j ACCEPT
-A INPUT -p udp -m multiport --ports 67,68 -m comment --comment "103 dhcp" -j ACCEPT
-A INPUT -p udp -m multiport --ports 69 -m comment --comment "104 tftp" -j ACCEPT
-A INPUT -p tcp -m multiport --ports 3128 -m comment --comment "110 squidproxy" -j ACCEPT
-A INPUT -p tcp -m multiport --ports 80,443 -m comment --comment "111 cobbler_web" -j ACCEPT
-A INPUT -p tcp -m comment --comment "999 iptables denied" -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
-A FORWARD -d 172.17.0.12/32 ! -i docker0 -o docker0 -p udp -m udp --dport 514 -j ACCEPT
-A FORWARD -d 172.17.0.12/32 ! -i docker0 -o docker0 -p udp -m udp --dport 514 -j ACCEPT
-A FORWARD -d 172.17.0.12/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 514 -j ACCEPT
-A FORWARD -d 172.17.0.12/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 514 -j ACCEPT
-A FORWARD -d 172.17.0.12/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 25150 -j ACCEPT
-A FORWARD -d 172.17.0.12/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 25150 -j ACCEPT
-A FORWARD -i eth0 -o docker0 -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
-A FORWARD -d 172.17.0.11/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 8777 -j ACCEPT
-A FORWARD -d 172.17.0.11/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 8777 -j ACCEPT
-A FORWARD -i eth0 -o docker0 -p udp -m state --state NEW -m udp --dport 514 -j ACCEPT
-A FORWARD -d 172.17.0.10/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A FORWARD -d 172.17.0.10/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 8000 -j ACCEPT
-A FORWARD -d 172.17.0.9/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 873 -j ACCEPT
-A FORWARD -d 172.17.0.9/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 873 -j ACCEPT
-A FORWARD -d 172.17.0.8/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 61613 -j ACCEPT
-A FORWARD -d 172.17.0.8/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 61613 -j ACCEPT
-A FORWARD -d 172.17.0.8/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 5672 -j ACCEPT
-A FORWARD -d 172.17.0.8/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 5672 -j ACCEPT
-A FORWARD -d 172.17.0.8/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 4369 -j ACCEPT
-A FORWARD -d 172.17.0.8/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 4369 -j ACCEPT
-A FORWARD -d 172.17.0.8/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 15672 -j ACCEPT
-A FORWARD -d 172.17.0.8/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 15672 -j ACCEPT
-A FORWARD -d 172.17.0.7/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 5432 -j ACCEPT
-A FORWARD -d 172.17.0.7/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 5432 -j ACCEPT
-A FORWARD -d 172.17.0.6/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 8001 -j ACCEPT
-A FORWARD -d 172.17.0.6/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 8001 -j ACCEPT
-A FORWARD -d 172.17.0.4/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 5000 -j ACCEPT
-A FORWARD -d 172.17.0.4/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 35357 -j ACCEPT
-A FORWARD -i eth0 -o docker0 -p tcp -m state --state NEW -m tcp --dport 8000 -j ACCEPT
-A FORWARD -d 172.17.0.3/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -d 172.17.0.3/32 ! -i docker0 -o docker0 -p udp -m udp --dport 69 -j ACCEPT
-A FORWARD -d 172.17.0.3/32 ! -i docker0 -o docker0 -p udp -m udp --dport 69 -j ACCEPT
-A FORWARD -d 172.17.0.3/32 ! -i docker0 -o docker0 -p udp -m udp --dport 53 -j ACCEPT
-A FORWARD -i eth0 -o docker0 -p tcp -m state --state NEW -m tcp --dport 514 -j ACCEPT
-A FORWARD -d 172.17.0.3/32 ! -i docker0 -o docker0 -p udp -m udp --dport 53 -j ACCEPT
-A FORWARD -d 172.17.0.3/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 443 -j ACCEPT
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
-A FORWARD -d 172.17.0.10/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 5432 -j ACCEPT
-A FORWARD -d 172.17.0.10/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 5432 -j ACCEPT
-A FORWARD -i eth0 -o docker0 -p udp -m state --state NEW -m udp --dport 514 -j ACCEPT
-A FORWARD -d 172.17.0.9/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 8001 -j ACCEPT
-A FORWARD -d 172.17.0.9/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 8001 -j ACCEPT
-A FORWARD -i eth0 -o docker0 -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
-A FORWARD -d 172.17.0.7/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 61613 -j ACCEPT
-A FORWARD -d 172.17.0.7/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 61613 -j ACCEPT
-A FORWARD -d 172.17.0.7/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 5672 -j ACCEPT
-A FORWARD -d 172.17.0.7/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 5672 -j ACCEPT
-A FORWARD -d 172.17.0.7/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 4369 -j ACCEPT
-A FORWARD -d 172.17.0.7/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 4369 -j ACCEPT
-A FORWARD -d 172.17.0.7/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 15672 -j ACCEPT
-A FORWARD -d 172.17.0.7/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 15672 -j ACCEPT
-A FORWARD -d 172.17.0.6/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 8777 -j ACCEPT
-A FORWARD -d 172.17.0.6/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 8777 -j ACCEPT
-A FORWARD -d 172.17.0.5/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A FORWARD -d 172.17.0.5/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 8000 -j ACCEPT
-A FORWARD -d 172.17.0.4/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 5000 -j ACCEPT
-A FORWARD -d 172.17.0.4/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 35357 -j ACCEPT
-A FORWARD -d 172.17.0.3/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -d 172.17.0.3/32 ! -i docker0 -o docker0 -p udp -m udp --dport 69 -j ACCEPT
-A FORWARD -d 172.17.0.3/32 ! -i docker0 -o docker0 -p udp -m udp --dport 69 -j ACCEPT
-A FORWARD -d 172.17.0.3/32 ! -i docker0 -o docker0 -p udp -m udp --dport 53 -j ACCEPT
-A FORWARD -d 172.17.0.3/32 ! -i docker0 -o docker0 -p udp -m udp --dport 53 -j ACCEPT
-A FORWARD -i eth0 -o docker0 -p tcp -m state --state NEW -m tcp --dport 514 -j ACCEPT
-A FORWARD -d 172.17.0.3/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 443 -j ACCEPT
-A FORWARD -i eth0 -o docker0 -p tcp -m state --state NEW -m tcp --dport 8000 -j ACCEPT
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
-A FORWARD -d 172.17.0.11/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -d 172.17.0.11/32 ! -i docker0 -o docker0 -p udp -m udp --dport 69 -j ACCEPT
-A FORWARD -d 172.17.0.11/32 ! -i docker0 -o docker0 -p udp -m udp --dport 69 -j ACCEPT
-A FORWARD -d 172.17.0.11/32 ! -i docker0 -o docker0 -p udp -m udp --dport 53 -j ACCEPT
-A FORWARD -d 172.17.0.11/32 ! -i docker0 -o docker0 -p udp -m udp --dport 53 -j ACCEPT
-A FORWARD -d 172.17.0.11/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 443 -j ACCEPT
-A FORWARD -i eth0 -o docker0 -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
-A FORWARD -i eth0 -o docker0 -p tcp -m state --state NEW -m tcp --dport 8000 -j ACCEPT
-A FORWARD -d 172.17.0.10/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A FORWARD -d 172.17.0.10/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 8000 -j ACCEPT
-A FORWARD -d 172.17.0.9/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 8777 -j ACCEPT
-A FORWARD -d 172.17.0.9/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 8777 -j ACCEPT
-A FORWARD -d 172.17.0.8/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 8001 -j ACCEPT
-A FORWARD -d 172.17.0.8/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 8001 -j ACCEPT
-A FORWARD -i eth0 -o docker0 -p udp -m state --state NEW -m udp --dport 514 -j ACCEPT
-A FORWARD -i eth0 -o docker0 -p tcp -m state --state NEW -m tcp --dport 514 -j ACCEPT
-A FORWARD -d 172.17.0.7/32 ! -i docker0 -o docker0 -p udp -m udp --dport 514 -j ACCEPT
-A FORWARD -d 172.17.0.7/32 ! -i docker0 -o docker0 -p udp -m udp --dport 514 -j ACCEPT
-A FORWARD -d 172.17.0.7/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 514 -j ACCEPT
-A FORWARD -d 172.17.0.7/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 514 -j ACCEPT
-A FORWARD -d 172.17.0.7/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 25150 -j ACCEPT
-A FORWARD -d 172.17.0.7/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 25150 -j ACCEPT
-A FORWARD -d 172.17.0.5/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 873 -j ACCEPT
-A FORWARD -d 172.17.0.5/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 873 -j ACCEPT
-A FORWARD -d 172.17.0.4/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 5000 -j ACCEPT
-A FORWARD -d 172.17.0.4/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 35357 -j ACCEPT
-A FORWARD -d 172.17.0.3/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 61613 -j ACCEPT
-A FORWARD -d 172.17.0.3/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 61613 -j ACCEPT
-A FORWARD -d 172.17.0.3/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 5672 -j ACCEPT
-A FORWARD -d 172.17.0.3/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 5672 -j ACCEPT
-A FORWARD -d 172.17.0.3/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 4369 -j ACCEPT
-A FORWARD -d 172.17.0.3/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 4369 -j ACCEPT
-A FORWARD -d 172.17.0.3/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 15672 -j ACCEPT
-A FORWARD -d 172.17.0.3/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 15672 -j ACCEPT
-A FORWARD -d 172.17.0.2/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 5432 -j ACCEPT
-A FORWARD -d 172.17.0.2/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 5432 -j ACCEPT
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
COMMIT
# Completed on Wed Jul 16 09:25:29 2014
# Generated by iptables-save v1.4.7 on Wed Jul 16 09:25:29 2014
*nat
:PREROUTING ACCEPT [24:2122]
:POSTROUTING ACCEPT [4:468]
:OUTPUT ACCEPT [6:856]
:DOCKER - [0:0]
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A POSTROUTING -s 10.108.0.0/24 -p tcp -m tcp --dport 8080 -j ACCEPT
-A POSTROUTING -s 10.108.0.0/24 -p udp -m udp --dport 514 -j ACCEPT
-A POSTROUTING -s 10.108.0.0/24 -p tcp -m tcp --dport 8000 -j ACCEPT
-A POSTROUTING -s 10.108.0.0/24 -p tcp -m tcp --dport 514 -j ACCEPT
-A POSTROUTING -s 172.17.0.0/16 ! -d 172.17.0.0/16 -j MASQUERADE
-A POSTROUTING -s 10.108.0.0/24 -p udp -m udp --dport 514 -j ACCEPT
-A POSTROUTING -s 10.108.0.0/24 -p tcp -m tcp --dport 8080 -j ACCEPT
-A POSTROUTING -s 10.108.0.0/24 -p tcp -m tcp --dport 514 -j ACCEPT
-A POSTROUTING -s 10.108.0.0/24 -p tcp -m tcp --dport 8000 -j ACCEPT
-A POSTROUTING -s 172.17.0.0/16 ! -d 172.17.0.0/16 -j MASQUERADE
-A POSTROUTING -s 10.108.0.0/24 -p tcp -m tcp --dport 8080 -j ACCEPT
-A POSTROUTING -s 10.108.0.0/24 -p tcp -m tcp --dport 8000 -j ACCEPT
-A POSTROUTING -s 10.108.0.0/24 -p udp -m udp --dport 514 -j ACCEPT
-A POSTROUTING -s 10.108.0.0/24 -p tcp -m tcp --dport 514 -j ACCEPT
-A POSTROUTING -s 172.17.0.0/16 ! -d 172.17.0.0/16 -j MASQUERADE
-A POSTROUTING -s 10.108.0.0/24 -o eth+ -p tcp -m comment --comment "004 forward_admin_net" -j MASQUERADE
-A POSTROUTING -s 172.17.0.0/16 ! -d 172.17.0.0/16 -j MASQUERADE
-A POSTROUTING -o docker0 -j MASQUERADE
-A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
-A DOCKER -p tcp -m tcp --dport 443 -j DNAT --to-destination 172.17.0.3:443
-A DOCKER -d 10.108.0.2/32 -p udp -m udp --dport 53 -j DNAT --to-destination 172.17.0.3:53
-A DOCKER -d 127.0.0.1/32 -p udp -m udp --dport 53 -j DNAT --to-destination 172.17.0.3:53
-A DOCKER -d 10.108.0.2/32 -p udp -m udp --dport 69 -j DNAT --to-destination 172.17.0.3:69
-A DOCKER -d 127.0.0.1/32 -p udp -m udp --dport 69 -j DNAT --to-destination 172.17.0.3:69
-A DOCKER -p tcp -m tcp --dport 80 -j DNAT --to-destination 172.17.0.3:80
-A DOCKER -p tcp -m tcp --dport 35357 -j DNAT --to-destination 172.17.0.4:35357
-A DOCKER -p tcp -m tcp --dport 5000 -j DNAT --to-destination 172.17.0.4:5000
-A DOCKER -d 10.108.0.2/32 -p tcp -m tcp --dport 8001 -j DNAT --to-destination 172.17.0.6:8001
-A DOCKER -d 127.0.0.1/32 -p tcp -m tcp --dport 8001 -j DNAT --to-destination 172.17.0.6:8001
-A DOCKER -d 10.108.0.2/32 -p tcp -m tcp --dport 5432 -j DNAT --to-destination 172.17.0.7:5432
-A DOCKER -d 127.0.0.1/32 -p tcp -m tcp --dport 5432 -j DNAT --to-destination 172.17.0.7:5432
-A DOCKER -d 10.108.0.2/32 -p tcp -m tcp --dport 15672 -j DNAT --to-destination 172.17.0.8:15672
-A DOCKER -d 127.0.0.1/32 -p tcp -m tcp --dport 15672 -j DNAT --to-destination 172.17.0.8:15672
-A DOCKER -d 10.108.0.2/32 -p tcp -m tcp --dport 4369 -j DNAT --to-destination 172.17.0.8:4369
-A DOCKER -d 127.0.0.1/32 -p tcp -m tcp --dport 4369 -j DNAT --to-destination 172.17.0.8:4369
-A DOCKER -d 10.108.0.2/32 -p tcp -m tcp --dport 5672 -j DNAT --to-destination 172.17.0.8:5672
-A DOCKER -d 127.0.0.1/32 -p tcp -m tcp --dport 5672 -j DNAT --to-destination 172.17.0.8:5672
-A DOCKER -d 10.108.0.2/32 -p tcp -m tcp --dport 61613 -j DNAT --to-destination 172.17.0.8:61613
-A DOCKER -d 127.0.0.1/32 -p tcp -m tcp --dport 61613 -j DNAT --to-destination 172.17.0.8:61613
-A DOCKER -d 10.108.0.2/32 -p tcp -m tcp --dport 873 -j DNAT --to-destination 172.17.0.9:873
-A DOCKER -d 127.0.0.1/32 -p tcp -m tcp --dport 873 -j DNAT --to-destination 172.17.0.9:873
-A DOCKER -p tcp -m tcp --dport 8000 -j DNAT --to-destination 172.17.0.10:8000
-A DOCKER -p tcp -m tcp --dport 8080 -j DNAT --to-destination 172.17.0.10:8080
-A DOCKER -d 10.108.0.2/32 -p tcp -m tcp --dport 8777 -j DNAT --to-destination 172.17.0.11:8777
-A DOCKER -d 127.0.0.1/32 -p tcp -m tcp --dport 8777 -j DNAT --to-destination 172.17.0.11:8777
-A DOCKER -d 10.108.0.2/32 -p tcp -m tcp --dport 25150 -j DNAT --to-destination 172.17.0.12:25150
-A DOCKER -d 127.0.0.1/32 -p tcp -m tcp --dport 25150 -j DNAT --to-destination 172.17.0.12:25150
-A DOCKER -d 10.108.0.2/32 -p tcp -m tcp --dport 514 -j DNAT --to-destination 172.17.0.12:514
-A DOCKER -d 127.0.0.1/32 -p tcp -m tcp --dport 514 -j DNAT --to-destination 172.17.0.12:514
-A DOCKER -d 10.108.0.2/32 -p udp -m udp --dport 514 -j DNAT --to-destination 172.17.0.12:514
-A DOCKER -d 127.0.0.1/32 -p udp -m udp --dport 514 -j DNAT --to-destination 172.17.0.12:514
COMMIT
# Completed on Wed Jul 16 09:25:29 2014
[root@nailgun ~]#
Changed in fuel: | |
importance: | Undecided → Low |
assignee: | Fuel Library Team (fuel-library) → Matthew Mosesohn (raytrac3r) |
status: | New → Confirmed |
importance: | Low → High |