Download as
Browse Code »

Commit 8a871d18d97183a08312027cd9179035fb3a6bf6

Authored by Sergio Oliveira
1 parent 1562ab87
Exists in master and in 36 other branches add_super_archives_plugin, automates_core_packing, changes_in_buttons_on_content_panel, colab_fix_automatic_group_creation_bug, gitlab-8.x, gov-user-refactoring, gov-user-refactoring-rails4, gov-user-to-organization, high_contrast, high_contrast_style, institution_modal_on_rating, kalibro-conf-refactoring, kalibro-processor-package, mezuro_spb, packaging_colab_plugins, performance, refactor_software_communities, refactor_software_communities_rails4, refactor_software_for_sisp, refactor_software_info_to_software, register_page, remove-unused-images, removing_super_archives_email, restore, signals_user_noosfero, software_as_organization, spb_minimal_env, stable-4.1, stable-4.2, stable-4.x, stable-5.0, stable-5.1, stable-devel, temp_soft_comm_refactoring, theme_header, thread_page

Setup iptables forward on bootstrap script

Showing 2 changed files with 8 additions and 1 deletions   Show diff stats
Rakefile
  Diff comments   View file @8a871d1
... ... @@ -91,7 +91,7 @@ task :preconfig => ssh_config_file do
91 91 puts "I: delete #{preconfig_file} to force running again"
92 92 else
93 93 sh 'scp', '-F', ssh_config_file, 'utils/reverseproxy_ssh_setup', 'reverseproxy.unconfigured:/tmp'
94   - sh 'ssh', '-F', ssh_config_file, 'reverseproxy.unconfigured', 'sudo', '/tmp/reverseproxy_ssh_setup', $ALT_SSH_PORT.to_s
  94 + sh 'ssh', '-F', ssh_config_file, 'reverseproxy.unconfigured', 'sudo', '/tmp/reverseproxy_ssh_setup', $ALT_SSH_PORT.to_s, ips['reverseproxy'], ips['integration']
95 95  
96 96 File.open(preconfig_file, 'w') do |f|
97 97 f.puts($ALT_SSH_PORT)
... ...
utils/reverseproxy_ssh_setup
  Diff comments   View file @8a871d1
... ... @@ -3,6 +3,8 @@
3 3 set -e
4 4  
5 5 port="$1"
  6 +reverseproxy_ip="$2"
  7 +integration_ip="$3"
6 8  
7 9 # switch SSH to port $port
8 10 sed -i -e 's/^#\?\s*Port\s*[0-9]\+\s*$/Port '$port'/g' /etc/ssh/sshd_config
... ... @@ -15,3 +17,8 @@ semanage port -a -t ssh_port_t -p tcp "$port"
15 17  
16 18 # Restart SSH
17 19 systemctl restart sshd
  20 +
  21 +# Setup port redirect
  22 +iptables -A PREROUTING -d $reverseproxy_ip/32 -p tcp -m tcp --dport 22 -j DNAT --to-destination $integration_ip:22
  23 +iptables -A POSTROUTING -d $integration_ip/32 -p tcp -m tcp --dport 22 -j SNAT --to-source $reverseproxy_ip
  24 +sysctl -w net.ipv4.ip_forward=1
... ...