File tree 6 files changed +99
-0
lines changed
6 files changed +99
-0
lines changed Original file line number Diff line number Diff line change @@ -4,3 +4,4 @@ This BOSH release includes some jobs that are unmerged pull requests to other re
44
55* ` prepare_env ` is https://github.com/cloudfoundry/os-conf-release/pull/19
66* ` cf-admin-user ` is https://github.com/cloudfoundry/capi-release/pull/65
7+ * ` port_forwarding ` is https://github.com/cloudfoundry/networking-release/pull/13
Original file line number Diff line number Diff line change 1+ check file port_forwarding
2+ with path /var/vcap/sys/run/port_forwarding/port_forwarding.check
3+ start program "/var/vcap/jobs/port_forwarding/bin/ctl start"
4+ stop program "/var/vcap/jobs/port_forwarding/bin/ctl stop"
5+ group vcap
Original file line number Diff line number Diff line change 1+ ---
2+ name: port_forwarding
3+
4+ packages: []
5+
6+ templates:
7+ bin/ctl: bin/ctl
8+ bin/forward_ports.sh.erb: bin/forward_ports.sh
9+ bin/unforward_ports.sh.erb: bin/unforward_ports.sh
10+
11+ properties:
12+ networking.port_forwarding:
13+ description: "List of rules that describes the ports to be forwarded. Defaults `internal_ip` to '127.0.0.1'."
14+ default: []
15+ example:
16+ - external_port: 80
17+ internal_ip: 10.10.0.34
18+ internal_port: 8080
19+ - external_port: 443
20+ internal_ip: 10.10.0.34
21+ internal_port: 4443
Original file line number Diff line number Diff line change 1+ #! /bin/bash
2+
3+ set -e -u
4+
5+ LOG_DIR=/var/vcap/sys/log/port_forwarding
6+ RUN_DIR=/var/vcap/sys/run/port_forwarding
7+
8+ mkdir -p $RUN_DIR $LOG_DIR
9+
10+ exec >> $LOG_DIR /stdout.log 2>&1
11+
12+ case $1 in
13+
14+ start)
15+ echo -n " Applying iptables rules for port forwarding"
16+ /var/vcap/jobs/port_forwarding/bin/forward_ports.sh
17+ touch $RUN_DIR /port_forwarding.check
18+ ;;
19+
20+ stop)
21+ echo -n " Removing iptables rules for port forwarding"
22+ /var/vcap/jobs/port_forwarding/bin/unforward_ports.sh
23+ rm -f $RUN_DIR /port_forwarding.check
24+ ;;
25+ * )
26+
27+ esac
28+
29+ exit 0
Original file line number Diff line number Diff line change 1+ #! /bin/bash
2+
3+ CHAIN=" portforwarding-release"
4+
5+ function forward_exists {
6+ set -e
7+ chain=$1
8+ iptables -t nat -C ${chain} -j ${CHAIN} 2> /dev/null
9+ }
10+
11+ if ! iptables -t nat -L ${CHAIN} > /dev/null 2>&1 ; then
12+ iptables -t nat -N ${CHAIN}
13+ fi
14+
15+ if ! forward_exists PREROUTING; then
16+ iptables -t nat -A PREROUTING -j ${CHAIN}
17+ fi
18+
19+ if ! forward_exists OUTPUT; then
20+ iptables -t nat -A OUTPUT -j ${CHAIN}
21+ fi
22+
23+ iptables -F ${CHAIN} || true
24+
25+ sysctl net.ipv4.conf.all.route_localnet=1
26+
27+ < % p(" networking.port_forwarding" do | rule| %>
28+ < %
29+ external_ip = rule[' external_ip' || spec.address
30+ external_port = rule[' external_port' || raise(" Expected non-empty 'external_port' on '#{rule.inspect}' rule"
31+ internal_ip = rule[' internal_ip' || " 127.0.0.1"
32+ internal_port = rule[' internal_port' || raise(" Expected non-empty 'internal_port' on '#{rule.inspect}' rule"
33+ -%>
34+ # external clients
35+ sudo iptables -t nat -A portforwarding-release -p tcp -d < %= external_ip %> --dport < %= external_port %> -j DNAT --to < %= internal_ip %> :< %= internal_port %>
36+
37+ # loopback
38+ sudo iptables -t nat -A portforwarding-release -p tcp -d 127.0.0.1 --dport < %= external_port %> -j DNAT --to < %= internal_ip %> :< %= internal_port %> -o lo
39+
40+ < % end %>
Original file line number Diff line number Diff line change 1+ #! /bin/bash
2+
3+ iptables -t nat -F portforwarding-release
You can’t perform that action at this time.
0 commit comments