From 56faf7b8dbb268bebe9789a205b4be87acfeebb3 Mon Sep 17 00:00:00 2001
From: Pierre-Olivier Mercier
Date: Sun, 20 Jan 2019 23:40:53 +0100
Subject: [PATCH] fickit: don't include routing things into frontend
---
 configs/sysctl-frontend.conf | 1 -
 fickit-frontend.yml | 11 +----------
 2 files changed, 1 insertion(+), 11 deletions(-)
diff --git a/configs/sysctl-frontend.conf b/configs/sysctl-frontend.conf
index 8c07035a..50ca3f42 100644
--- a/configs/sysctl-frontend.conf
+++ b/configs/sysctl-frontend.conf
@@ -1,4 +1,3 @@
-net.ipv4.ip_forward = 1
 net.ipv6.conf.all.disable_ipv6 = 1
 # Increase system file descriptor limit
diff --git a/fickit-frontend.yml b/fickit-frontend.yml
index 975567e7..fa05226d 100644
--- a/fickit-frontend.yml
+++ b/fickit-frontend.yml
@@ -53,7 +53,7 @@ onboot:
 # - name: eth3
 - name: frontal-ip-setup # with bonding
 image: linuxkit/ip:v0.6
- command: ["/bin/sh", "-c", "ip link set bond-frontal up; ifenslave bond-frontal eth1 eth2 eth3; ip a add 172.23.42.1/24 dev bond-frontal; ip a add 172.23.42.254/24 dev bond-frontal; ip a add 163.5.55.58/32 dev bond-frontal; ip link add link bond-frontal name internet type vlan id 1; ip link set internet up;" ]
+ command: ["/bin/sh", "-c", "ip link set bond-frontal up; ifenslave bond-frontal eth1 eth2 eth3; ip a add 172.23.42.1/24 dev bond-frontal; ip a add 163.5.55.58/32 dev bond-frontal; ip link add link bond-frontal name internet type vlan id 1; ip link set internet up;" ]
 net: /run/netns/nginx
 runtime:
 interfaces:
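Review bot: The rewritten `command:` for `frontal-ip-setup` still chains every step with `;`, so a failing `ifenslave` or `ip a add` does not stop the script and the shell's exit status reflects only the final `ip link set internet up`. The nginx namespace can then come up with a half-configured bond while the step still reports success. Starting the script with `set -e;` (`"set -e; ip link set bond-frontal up; ifenslave bond-frontal eth1 eth2 eth3; ..."`) would make the first failure the step's result. How linuxkit reacts to a non-zero onboot exit is not visible in this patch, so confirm that before relying on it. The `frontal-ip-setup` entry continues past the end of the hunk.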
@@ -467,15 +467,6 @@ files:
 mode: "0440"
 - path: etc/iptables/rules-frontal.v4
 contents: |
- *nat
- :PREROUTING ACCEPT [0:0]
- :INPUT ACCEPT [0:0]
- :OUTPUT ACCEPT [0:0]
- :POSTROUTING ACCEPT [0:0]
- [0:0] -A PREROUTING -p tcp -m tcp -i br0 ! -d 172.23.42.254/32 --dport 53 -j DNAT --to-destination 172.23.42.254
- [0:0] -A PREROUTING -p udp -m udp -i br0 ! -d 172.23.42.254/32 --dport 53 -j DNAT --to-destination 172.23.42.254
- [0:0] -A POSTROUTING -o internet -j MASQUERADE
- COMMIT
 *filter
 :INPUT DROP [0:0]
 :FORWARD ACCEPT [0:0]