From ff228c21fade94398ecdb089ca8acbc49f3563bc Mon Sep 17 00:00:00 2001
From: Silvio Rhatto
Date: Fri, 19 Feb 2010 17:26:40 -0200
Subject: Internal http requests redirected to proxy
---
 manifests/init.pp | 48 +++++++++++++++++++++++++++++++++++-------------
 1 file changed, 35 insertions(+), 13 deletions(-)
diff --git a/manifests/init.pp b/manifests/init.pp
index 42c2292..19a26cf 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -184,8 +184,8 @@ class nodo::vserver inherits nodo {
 # Apply munin configuration for this node
 Munin_node <<| title == $hostname |>>
- # We include munin configuration if it's not defined by
- # and exported resource.
+ # We include munin configuration in case the node wasn't defined
+ # by nodo::vserver::instance.
 if !defined(munin::client) {
 munin_node { "$hostname": }
 }
@@ -281,7 +281,7 @@ class nodo::vserver inherits nodo {
 }
 if $proxy {
- shorewall::rule { 'http-route':
+ shorewall::rule { 'http-route-1':
 action => 'DNAT',
 source => 'net',
 destination => "vm:192.168.0.$context:80",
@@ -291,14 +291,36 @@ class nodo::vserver inherits nodo {
 order => '500',
 }
- shorewall::rule { 'https-route':
+ shorewall::rule { 'http-route-2':
+ action => 'DNAT',
+ source => '$FW',
+ destination => "fw:192.168.0.$context:80",
+ proto => 'tcp',
+ destinationport => '80',
+ originaldest => "$ipaddress",
+ ratelimit => '-',
+ order => '501',
+ }
+
+ shorewall::rule { 'https-route-1':
 action => 'DNAT',
 source => 'net',
 destination => "vm:192.168.0.$context:443",
 proto => 'tcp',
 destinationport => '443',
 ratelimit => '-',
- order => '501',
+ order => '502',
+ }
+
+ shorewall::rule { 'https-route-2':
+ action => 'DNAT',
+ source => '$FW',
+ destination => "fw:192.168.0.$context:443",
+ proto => 'tcp',
+ destinationport => '443',
+ originaldest => "$ipaddress",
+ ratelimit => '-',
+ order => '502',
 }
 }
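Review bot: The added `https-route-2` rule carries `order => '502'`, the same value this hunk assigns to `https-route-1`, while the HTTP pair gets distinct values (500 and 501); this looks like a copy-paste slip and should probably read `order => '503',`. How the shorewall module breaks ties between equal order values is not visible here, so the relative position of the two HTTPS DNAT rules in the generated rules file may not be what was intended. The two `$FW`-sourced rules would also benefit from a short comment such as `# requests the host itself makes to $ipaddress are redirected to the proxy`, since the reason for a second rule per port is stated only in the commit subject. The enclosing `if $proxy {` block starts outside this hunk.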
@@ -310,7 +332,7 @@ class nodo::vserver inherits nodo {
 proto => 'tcp',
 destinationport => '8140',
 ratelimit => '-',
- order => '502',
+ order => '600',
 }
 shorewall::rule { 'puppetmaster-2':
@@ -320,7 +342,7 @@ class nodo::vserver inherits nodo {
 proto => 'udp',
 destinationport => '8140',
 ratelimit => '-',
- order => '503',
+ order => '601',
 }
 shorewall::rule { 'puppetmaster-3':
@@ -331,7 +353,7 @@ class nodo::vserver inherits nodo {
 destinationport => '8140',
 originaldest => "$ipaddress",
 ratelimit => '-',
- order => '504',
+ order => '602',
 }
 shorewall::rule { 'puppetmaster-4':
@@ -342,7 +364,7 @@ class nodo::vserver inherits nodo {
 destinationport => '8140',
 originaldest => "$ipaddress",
 ratelimit => '-',
- order => '505',
+ order => '603',
 }
 }
@@ -354,7 +376,7 @@ class nodo::vserver inherits nodo {
 proto => 'tcp',
 destinationport => '9418',
 ratelimit => '-',
- order => '506',
+ order => '700',
 }
 shorewall::rule { 'git-daemon-2':
@@ -364,7 +386,7 @@ class nodo::vserver inherits nodo {
 proto => 'tcp',
 destinationport => '9418',
 ratelimit => '-',
- order => '507',
+ order => '701',
 }
 }
@@ -376,7 +398,7 @@ class nodo::vserver inherits nodo {
 proto => 'tcp',
 destinationport => '8000',
 ratelimit => '-',
- order => '508',
+ order => '800',
 }
 shorewall::rule { 'icecast-2':
@@ -386,7 +408,7 @@ class nodo::vserver inherits nodo {
 proto => 'tcp',
 destinationport => '8000',
 ratelimit => '-',
- order => '509',
+ order => '801',
 }
 }
 }
-- cgit v1.2.3