Commit 8a871d18d97183a08312027cd9179035fb3a6bf6
1 parent
1562ab87
Exists in
master
and in
89 other branches
Setup iptables forward on bootstrap script
Showing
2 changed files
with
8 additions
and
1 deletions
Show diff stats
Rakefile
| @@ -91,7 +91,7 @@ task :preconfig => ssh_config_file do | @@ -91,7 +91,7 @@ task :preconfig => ssh_config_file do | ||
| 91 | puts "I: delete #{preconfig_file} to force running again" | 91 | puts "I: delete #{preconfig_file} to force running again" |
| 92 | else | 92 | else |
| 93 | sh 'scp', '-F', ssh_config_file, 'utils/reverseproxy_ssh_setup', 'reverseproxy.unconfigured:/tmp' | 93 | sh 'scp', '-F', ssh_config_file, 'utils/reverseproxy_ssh_setup', 'reverseproxy.unconfigured:/tmp' |
| 94 | - sh 'ssh', '-F', ssh_config_file, 'reverseproxy.unconfigured', 'sudo', '/tmp/reverseproxy_ssh_setup', $ALT_SSH_PORT.to_s | 94 | + sh 'ssh', '-F', ssh_config_file, 'reverseproxy.unconfigured', 'sudo', '/tmp/reverseproxy_ssh_setup', $ALT_SSH_PORT.to_s, ips['reverseproxy'], ips['integration'] |
| 95 | 95 | ||
| 96 | File.open(preconfig_file, 'w') do |f| | 96 | File.open(preconfig_file, 'w') do |f| |
| 97 | f.puts($ALT_SSH_PORT) | 97 | f.puts($ALT_SSH_PORT) |
utils/reverseproxy_ssh_setup
| @@ -3,6 +3,8 @@ | @@ -3,6 +3,8 @@ | ||
| 3 | set -e | 3 | set -e |
| 4 | 4 | ||
| 5 | port="$1" | 5 | port="$1" |
| 6 | +reverseproxy_ip="$2" | ||
| 7 | +integration_ip="$3" | ||
| 6 | 8 | ||
| 7 | # switch SSH to port $port | 9 | # switch SSH to port $port |
| 8 | sed -i -e 's/^#\?\s*Port\s*[0-9]\+\s*$/Port '$port'/g' /etc/ssh/sshd_config | 10 | sed -i -e 's/^#\?\s*Port\s*[0-9]\+\s*$/Port '$port'/g' /etc/ssh/sshd_config |
| @@ -15,3 +17,8 @@ semanage port -a -t ssh_port_t -p tcp "$port" | @@ -15,3 +17,8 @@ semanage port -a -t ssh_port_t -p tcp "$port" | ||
| 15 | 17 | ||
| 16 | # Restart SSH | 18 | # Restart SSH |
| 17 | systemctl restart sshd | 19 | systemctl restart sshd |
| 20 | + | ||
| 21 | +# Setup port redirect | ||
| 22 | +iptables -A PREROUTING -d $reverseproxy_ip/32 -p tcp -m tcp --dport 22 -j DNAT --to-destination $integration_ip:22 | ||
| 23 | +iptables -A POSTROUTING -d $integration_ip/32 -p tcp -m tcp --dport 22 -j SNAT --to-source $reverseproxy_ip | ||
| 24 | +sysctl -w net.ipv4.ip_forward=1 |