wip(backend): remove conflicting prerouting

issue #1502

wip(backend): remove conflicting prerouting
issue #1502
fb94992f · Francesc Guasch · d742b765 · fb94992f
Commit fb94992f authored Mar 19, 2021 by Francesc Guasch
--- a/lib/Ravada/Domain.pm
+++ b/lib/Ravada/Domain.pm
@@ -2826,6 +2826,7 @@ sub _used_ports_iptables($self, $port, $skip_port) {
 }

 sub _open_exposed_port($self, $internal_port, $name, $restricted) {
+    my $debug_ports = Ravada::setting(undef,'/backend/debug_ports');
    my $sth = $$CONNECTOR->dbh->prepare("SELECT id,public_port FROM domain_ports"
        ." WHERE id_domain=? AND internal_port=?"
    );
@@ -2836,8 +2837,11 @@ sub _open_exposed_port($self, $internal_port, $name, $restricted) {
    confess "Error: I can't get the internal IP of ".$self->name
        if !$internal_ip || $internal_ip !~ /^(\d+\.\d+)/;

-    $public_port = undef if $public_port
-        && $self->_used_ports_iptables($public_port, "$internal_ip:$internal_port");
+    if ($public_port && $self->_used_ports_iptables($public_port, "$internal_ip:$internal_port") ) {
+        $public_port = undef;
+        warn "".localtime(time)." ".$self->name." cleared duplicate $public_port\n"
+        if $debug_ports;
+    }

    $public_port = $self->_set_public_port($id_port, $internal_port, $name, $restricted)
    if !$public_port;
@@ -2849,6 +2853,23 @@ sub _open_exposed_port($self, $internal_port, $name, $restricted) {
    $sth->execute($internal_ip, $self->id, $internal_port);

    if ( !$> ) {
+        my ($out, $err) = $self->_vm->run_command("iptables-save","-t","nat");
+        my @open1 = (grep /--dport $public_port/, split/\n/,$out );
+        my @open2 = (grep /--to-destination $internal_ip:$internal_port/, split/\n/,$out );
+        my %removed;
+        for my $line ( @open1, @open2 ) {
+            next if $removed{$line}++;
+            warn "".localtime(time)." ".$self->name." clean $line\n" if $debug_ports;
+            $line =~ s/^-A/-t nat -D/;
+            my ($out,$err) = $self->_vm->run_command("iptables",split / /,$line);
+            warn $out if$out;
+            warn $err if $err;
+        }
+
+        warn "".localtime(time)." ".$self->name." open $public_port ->"
+        ." $internal_ip:$internal_port\n"
+        if $debug_ports;
+
        $self->_vm->iptables_unique(
            t => 'nat'
            ,A => 'PREROUTING'