aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSilvio Rhatto <rhatto@riseup.net>2010-02-19 17:26:40 -0200
committerSilvio Rhatto <rhatto@riseup.net>2010-02-19 17:26:40 -0200
commitff228c21fade94398ecdb089ca8acbc49f3563bc (patch)
tree5448d33ad8521262fe3044d200c98f36ff0bb288
parent80b3f076f347aa7440e53b84cbc09999e7c48af7 (diff)
downloadpuppet-nodo-ff228c21fade94398ecdb089ca8acbc49f3563bc.tar.gz
puppet-nodo-ff228c21fade94398ecdb089ca8acbc49f3563bc.tar.bz2
Internal http requests redirected to proxy
-rw-r--r--manifests/init.pp48
1 files changed, 35 insertions, 13 deletions
diff --git a/manifests/init.pp b/manifests/init.pp
index 42c2292..19a26cf 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -184,8 +184,8 @@ class nodo::vserver inherits nodo {
# Apply munin configuration for this node
Munin_node <<| title == $hostname |>>
- # We include munin configuration if it's not defined by
- # and exported resource.
+ # We include munin configuration in case the node wasn't defined
+ # by nodo::vserver::instance.
if !defined(munin::client) {
munin_node { "$hostname": }
}
@@ -281,7 +281,7 @@ class nodo::vserver inherits nodo {
}
if $proxy {
- shorewall::rule { 'http-route':
+ shorewall::rule { 'http-route-1':
action => 'DNAT',
source => 'net',
destination => "vm:192.168.0.$context:80",
@@ -291,14 +291,36 @@ class nodo::vserver inherits nodo {
order => '500',
}
- shorewall::rule { 'https-route':
+ shorewall::rule { 'http-route-2':
+ action => 'DNAT',
+ source => '$FW',
+ destination => "fw:192.168.0.$context:80",
+ proto => 'tcp',
+ destinationport => '80',
+ originaldest => "$ipaddress",
+ ratelimit => '-',
+ order => '501',
+ }
+
+ shorewall::rule { 'https-route-1':
action => 'DNAT',
source => 'net',
destination => "vm:192.168.0.$context:443",
proto => 'tcp',
destinationport => '443',
ratelimit => '-',
- order => '501',
+ order => '502',
+ }
+
+ shorewall::rule { 'https-route-2':
+ action => 'DNAT',
+ source => '$FW',
+ destination => "fw:192.168.0.$context:443",
+ proto => 'tcp',
+ destinationport => '443',
+ originaldest => "$ipaddress",
+ ratelimit => '-',
+ order => '502',
}
}
@@ -310,7 +332,7 @@ class nodo::vserver inherits nodo {
proto => 'tcp',
destinationport => '8140',
ratelimit => '-',
- order => '502',
+ order => '600',
}
shorewall::rule { 'puppetmaster-2':
@@ -320,7 +342,7 @@ class nodo::vserver inherits nodo {
proto => 'udp',
destinationport => '8140',
ratelimit => '-',
- order => '503',
+ order => '601',
}
shorewall::rule { 'puppetmaster-3':
@@ -331,7 +353,7 @@ class nodo::vserver inherits nodo {
destinationport => '8140',
originaldest => "$ipaddress",
ratelimit => '-',
- order => '504',
+ order => '602',
}
shorewall::rule { 'puppetmaster-4':
@@ -342,7 +364,7 @@ class nodo::vserver inherits nodo {
destinationport => '8140',
originaldest => "$ipaddress",
ratelimit => '-',
- order => '505',
+ order => '603',
}
}
@@ -354,7 +376,7 @@ class nodo::vserver inherits nodo {
proto => 'tcp',
destinationport => '9418',
ratelimit => '-',
- order => '506',
+ order => '700',
}
shorewall::rule { 'git-daemon-2':
@@ -364,7 +386,7 @@ class nodo::vserver inherits nodo {
proto => 'tcp',
destinationport => '9418',
ratelimit => '-',
- order => '507',
+ order => '701',
}
}
@@ -376,7 +398,7 @@ class nodo::vserver inherits nodo {
proto => 'tcp',
destinationport => '8000',
ratelimit => '-',
- order => '508',
+ order => '800',
}
shorewall::rule { 'icecast-2':
@@ -386,7 +408,7 @@ class nodo::vserver inherits nodo {
proto => 'tcp',
destinationport => '8000',
ratelimit => '-',
- order => '509',
+ order => '801',
}
}
}