bug: Correct iptables and SNO DNS
- Remove DNAT rules for 443, 80 & 6443
- Modify the SNO DNS entries (sno4, sno64)

Fixes #97
kevydotvinu committed Aug 21, 2023
1 parent 75b73c5 commit ca0eea7
Showing 2 changed files with 4 additions and 7 deletions.
7 changes: 2 additions & 5 deletions ignition/00-core.bu
Expand Up @@ -572,9 +572,6 @@ storage:
/usr/sbin/iptables -t nat -I POSTROUTING -s 192.168.124.0/24 ! -d 192.168.124.0/24 -j MASQUERADE
/usr/sbin/iptables -t nat -I POSTROUTING -s 192.168.125.0/24 ! -d 192.168.125.0/24 -j MASQUERADE
/usr/bin/echo 1 > /proc/sys/net/ipv6/conf/$(ip -o -4 route show default | awk '{print $5}')/disable_ipv6
/usr/sbin/iptables -t nat -I PREROUTING -p tcp -i $(/usr/sbin/ip r | grep default | awk '{print $5}' | head -n 1) --dport 443 -j DNAT --to-destination 192.168.123.89:443
/usr/sbin/iptables -t nat -I PREROUTING -p tcp -i $(/usr/sbin/ip r | grep default | awk '{print $5}' | head -n 1) --dport 80 -j DNAT --to-destination 192.168.123.89:80
/usr/sbin/iptables -t nat -I PREROUTING -p tcp -i $(/usr/sbin/ip r | grep default | awk '{print $5}' | head -n 1) --dport 6443 -j DNAT --to-destination 192.168.123.88:6443
/usr/bin/test -f /opt/openshift-network-playground/vbmc/ssh/id_rsa || (ssh-keygen -N '' -f /opt/openshift-network-playground/vbmc/ssh/id_rsa && mkdir -p /home/onp/.ssh && cp /opt/openshift-network-playground/vbmc/ssh/id_rsa.pub /home/onp/.ssh/authorized_keys && chown onp:onp -R /home/onp/.ssh)
/usr/bin/test -f /opt/openshift-network-playground/cockpit-ws.done || (/usr/bin/test -d /usr/share/cockpit && podman container runlabel --name cockpit-ws RUN quay.io/cockpit/ws && podman container runlabel INSTALL quay.io/cockpit/ws && systemctl enable --now cockpit.service && touch /opt/openshift-network-playground/cockpit-ws.done)
/usr/bin/chown -R onp:onp /home/onp/.local
Expand Down Expand Up @@ -873,8 +870,8 @@ storage:
contents:
inline: |
address=/.apps.ocp.example.local/192.168.123.89
address=/.apps.sno4.example.local/192.168.124.2
address=/.apps.sno64.example.local/192.168.124.3
address=/.apps.sno4.example.local/192.168.126.2
address=/.apps.sno64.example.local/192.168.126.3
address=/.apps.sno6.example.local/fd00:dead:beef::2
address=/.apps.sno64.example.local/fd00:dead:beef::3
addn-hosts=/etc/hosts
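Review bot: The dnsmasq entries now resolve sno4/sno64 into 192.168.126.0/24, but the configure.sh hunk earlier in this file still masquerades only 192.168.123/124/125.0/24, so hosts on the new subnet get no SNAT from this script unless something else (a libvirt NAT network, for instance) provides it; if this script is meant to cover them, add `/usr/sbin/iptables -t nat -I POSTROUTING -s 192.168.126.0/24 ! -d 192.168.126.0/24 -j MASQUERADE` next to the existing rules. Separately, the surviving `disable_ipv6` line interpolates `$(ip -o -4 route show default | awk '{print $5}')` unquoted and without the `head -n 1` the deleted DNAT lines used, so a host with more than one default route yields a multi-word, broken path; `/usr/bin/echo 1 > "/proc/sys/net/ipv6/conf/$(ip -o -4 route show default | awk 'NR==1{print $5}')/disable_ipv6"` is the safer form and stays POSIX sh. The configure.sh script itself starts and ends outside the hunk, so there may be further rules not visible here.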
4 changes: 2 additions & 2 deletions ignition/00-core.ign
Expand Up @@ -199,7 +199,7 @@
{
"path": "/opt/openshift-network-playground/host/configure.sh",
"contents": {
"source": "data:,%23!%2Fbin%2Fsh%0A%2Fusr%2Fsbin%2Fiptables%20-t%20nat%20-I%20POSTROUTING%20-s%20192.168.123.0%2F24%20!%20-d%20192.168.123.0%2F24%20-j%20MASQUERADE%0A%2Fusr%2Fsbin%2Fiptables%20-t%20nat%20-I%20POSTROUTING%20-s%20192.168.124.0%2F24%20!%20-d%20192.168.124.0%2F24%20-j%20MASQUERADE%0A%2Fusr%2Fsbin%2Fiptables%20-t%20nat%20-I%20POSTROUTING%20-s%20192.168.125.0%2F24%20!%20-d%20192.168.125.0%2F24%20-j%20MASQUERADE%0A%2Fusr%2Fbin%2Fecho%201%20%3E%20%2Fproc%2Fsys%2Fnet%2Fipv6%2Fconf%2F%24(ip%20-o%20-4%20route%20show%20default%20%7C%20awk%20'%7Bprint%20%245%7D')%2Fdisable_ipv6%0A%2Fusr%2Fsbin%2Fiptables%20-t%20nat%20-I%20PREROUTING%20-p%20tcp%20-i%20%24(%2Fusr%2Fsbin%2Fip%20r%20%7C%20grep%20default%20%7C%20awk%20'%7Bprint%20%245%7D'%20%7C%20head%20-n%201)%20--dport%20443%20-j%20DNAT%20--to-destination%20192.168.123.89%3A443%0A%2Fusr%2Fsbin%2Fiptables%20-t%20nat%20-I%20PREROUTING%20-p%20tcp%20-i%20%24(%2Fusr%2Fsbin%2Fip%20r%20%7C%20grep%20default%20%7C%20awk%20'%7Bprint%20%245%7D'%20%7C%20head%20-n%201)%20--dport%2080%20-j%20DNAT%20--to-destination%20192.168.123.89%3A80%0A%2Fusr%2Fsbin%2Fiptables%20-t%20nat%20-I%20PREROUTING%20-p%20tcp%20-i%20%24(%2Fusr%2Fsbin%2Fip%20r%20%7C%20grep%20default%20%7C%20awk%20'%7Bprint%20%245%7D'%20%7C%20head%20-n%201)%20--dport%206443%20-j%20DNAT%20--to-destination%20192.168.123.88%3A6443%0A%2Fusr%2Fbin%2Ftest%20-f%20%2Fopt%2Fopenshift-network-playground%2Fvbmc%2Fssh%2Fid_rsa%20%7C%7C%20(ssh-keygen%20-N%20''%20-f%20%2Fopt%2Fopenshift-network-playground%2Fvbmc%2Fssh%2Fid_rsa%20%26%26%20mkdir%20-p%20%2Fhome%2Fonp%2F.ssh%20%26%26%20cp%20%2Fopt%2Fopenshift-network-playground%2Fvbmc%2Fssh%2Fid_rsa.pub%20%2Fhome%2Fonp%2F.ssh%2Fauthorized_keys%20%26%26%20chown%20onp%3Aonp%20-R%20%2Fhome%2Fonp%2F.ssh)%0A%2Fusr%2Fbin%2Ftest%20-f%20%2Fopt%2Fopenshift-network-playground%2Fcockpit-ws.done%20%7C%7C%20(%2Fusr%2Fbin%2Ftest%20-d%20%2Fusr%2Fshare%2Fcockpit%20%26%26%20podman%20container%20runlabel%20--name%20cockpit-ws%20RUN%20quay.io%2Fcockpit%2Fws
%20%26%26%20podman%20container%20runlabel%20INSTALL%20quay.io%2Fcockpit%2Fws%20%26%26%20systemctl%20enable%20--now%20cockpit.service%20%26%26%20touch%20%2Fopt%2Fopenshift-network-playground%2Fcockpit-ws.done)%0A%2Fusr%2Fbin%2Fchown%20-R%20onp%3Aonp%20%2Fhome%2Fonp%2F.local%0A"
"source": "data:,%23!%2Fbin%2Fsh%0A%2Fusr%2Fsbin%2Fiptables%20-t%20nat%20-I%20POSTROUTING%20-s%20192.168.123.0%2F24%20!%20-d%20192.168.123.0%2F24%20-j%20MASQUERADE%0A%2Fusr%2Fsbin%2Fiptables%20-t%20nat%20-I%20POSTROUTING%20-s%20192.168.124.0%2F24%20!%20-d%20192.168.124.0%2F24%20-j%20MASQUERADE%0A%2Fusr%2Fsbin%2Fiptables%20-t%20nat%20-I%20POSTROUTING%20-s%20192.168.125.0%2F24%20!%20-d%20192.168.125.0%2F24%20-j%20MASQUERADE%0A%2Fusr%2Fbin%2Fecho%201%20%3E%20%2Fproc%2Fsys%2Fnet%2Fipv6%2Fconf%2F%24(ip%20-o%20-4%20route%20show%20default%20%7C%20awk%20'%7Bprint%20%245%7D')%2Fdisable_ipv6%0A%2Fusr%2Fbin%2Ftest%20-f%20%2Fopt%2Fopenshift-network-playground%2Fvbmc%2Fssh%2Fid_rsa%20%7C%7C%20(ssh-keygen%20-N%20''%20-f%20%2Fopt%2Fopenshift-network-playground%2Fvbmc%2Fssh%2Fid_rsa%20%26%26%20mkdir%20-p%20%2Fhome%2Fonp%2F.ssh%20%26%26%20cp%20%2Fopt%2Fopenshift-network-playground%2Fvbmc%2Fssh%2Fid_rsa.pub%20%2Fhome%2Fonp%2F.ssh%2Fauthorized_keys%20%26%26%20chown%20onp%3Aonp%20-R%20%2Fhome%2Fonp%2F.ssh)%0A%2Fusr%2Fbin%2Ftest%20-f%20%2Fopt%2Fopenshift-network-playground%2Fcockpit-ws.done%20%7C%7C%20(%2Fusr%2Fbin%2Ftest%20-d%20%2Fusr%2Fshare%2Fcockpit%20%26%26%20podman%20container%20runlabel%20--name%20cockpit-ws%20RUN%20quay.io%2Fcockpit%2Fws%20%26%26%20podman%20container%20runlabel%20INSTALL%20quay.io%2Fcockpit%2Fws%20%26%26%20systemctl%20enable%20--now%20cockpit.service%20%26%26%20touch%20%2Fopt%2Fopenshift-network-playground%2Fcockpit-ws.done)%0A%2Fusr%2Fbin%2Fchown%20-R%20onp%3Aonp%20%2Fhome%2Fonp%2F.local%0A"
},
"mode": 493
},
Expand Down Expand Up @@ -397,7 +397,7 @@
"name": "root"
},
"contents": {
"source": "data:,address%3D%2F.apps.ocp.example.local%2F192.168.123.89%0Aaddress%3D%2F.apps.sno4.example.local%2F192.168.124.2%0Aaddress%3D%2F.apps.sno64.example.local%2F192.168.124.3%0Aaddress%3D%2F.apps.sno6.example.local%2Ffd00%3Adead%3Abeef%3A%3A2%0Aaddress%3D%2F.apps.sno64.example.local%2Ffd00%3Adead%3Abeef%3A%3A3%0Aaddn-hosts%3D%2Fetc%2Fhosts%0A"
"source": "data:,address%3D%2F.apps.ocp.example.local%2F192.168.123.89%0Aaddress%3D%2F.apps.sno4.example.local%2F192.168.126.2%0Aaddress%3D%2F.apps.sno64.example.local%2F192.168.126.3%0Aaddress%3D%2F.apps.sno6.example.local%2Ffd00%3Adead%3Abeef%3A%3A2%0Aaddress%3D%2F.apps.sno64.example.local%2Ffd00%3Adead%3Abeef%3A%3A3%0Aaddn-hosts%3D%2Fetc%2Fhosts%0A"
},
"mode": 420
},
