Commit fb94992f authored by Francesc Guasch's avatar Francesc Guasch
Browse files

wip(backend): remove conflicting prerouting

issue #1502
parent d742b765
......@@ -2826,6 +2826,7 @@ sub _used_ports_iptables($self, $port, $skip_port) {
}
sub _open_exposed_port($self, $internal_port, $name, $restricted) {
my $debug_ports = Ravada::setting(undef,'/backend/debug_ports');
my $sth = $$CONNECTOR->dbh->prepare("SELECT id,public_port FROM domain_ports"
." WHERE id_domain=? AND internal_port=?"
);
......@@ -2836,8 +2837,11 @@ sub _open_exposed_port($self, $internal_port, $name, $restricted) {
confess "Error: I can't get the internal IP of ".$self->name
if !$internal_ip || $internal_ip !~ /^(\d+\.\d+)/;
$public_port = undef if $public_port
&& $self->_used_ports_iptables($public_port, "$internal_ip:$internal_port");
if ($public_port && $self->_used_ports_iptables($public_port, "$internal_ip:$internal_port") ) {
$public_port = undef;
warn "".localtime(time)." ".$self->name." cleared duplicate $public_port\n"
if $debug_ports;
}
$public_port = $self->_set_public_port($id_port, $internal_port, $name, $restricted)
if !$public_port;
......@@ -2849,6 +2853,23 @@ sub _open_exposed_port($self, $internal_port, $name, $restricted) {
$sth->execute($internal_ip, $self->id, $internal_port);
if ( !$> ) {
my ($out, $err) = $self->_vm->run_command("iptables-save","-t","nat");
my @open1 = (grep /--dport $public_port/, split/\n/,$out );
my @open2 = (grep /--to-destination $internal_ip:$internal_port/, split/\n/,$out );
my %removed;
for my $line ( @open1, @open2 ) {
next if $removed{$line}++;
warn "".localtime(time)." ".$self->name." clean $line\n" if $debug_ports;
$line =~ s/^-A/-t nat -D/;
my ($out,$err) = $self->_vm->run_command("iptables",split / /,$line);
warn $out if$out;
warn $err if $err;
}
warn "".localtime(time)." ".$self->name." open $public_port ->"
." $internal_ip:$internal_port\n"
if $debug_ports;
$self->_vm->iptables_unique(
t => 'nat'
,A => 'PREROUTING'
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment