Add api-server SNAT rule and enable forward

author Le Yao <le.yao@intel.com>

Wed, 18 Nov 2020 06:28:22 +0000 (06:28 +0000)

committer Le Yao <le.yao@intel.com>

Wed, 18 Nov 2020 06:28:22 +0000 (06:28 +0000)
author Le Yao <le.yao@intel.com>
Wed, 18 Nov 2020 06:28:22 +0000 (06:28 +0000)
committer Le Yao <le.yao@intel.com>
Wed, 18 Nov 2020 06:28:22 +0000 (06:28 +0000)
diff --git a/platform/cnf/src/10-default.conf b/platform/cnf/src/10-default.conf

new file mode 100644 (file)

index 0000000..46d079b
--- /dev/null
+++ b/platform/cnf/src/10-default.conf
@@ -0,0 +1,25 @@
+# Do not edit, changes to this file will be lost on upgrades
+# /etc/sysctl.conf can be used to customize sysctl settings
+
+kernel.panic=3
+kernel.core_pattern=/tmp/%e.%t.%p.%s.core
+fs.suid_dumpable=2
+
+fs.protected_hardlinks=1
+fs.protected_symlinks=1
+
+net.ipv4.conf.default.arp_ignore=1
+net.ipv4.conf.all.arp_ignore=1
+net.ipv4.ip_forward=1
+net.ipv4.icmp_echo_ignore_broadcasts=1
+net.ipv4.icmp_ignore_bogus_error_responses=1
+net.ipv4.igmp_max_memberships=100
+net.ipv4.tcp_fin_timeout=30
+net.ipv4.tcp_keepalive_time=120
+net.ipv4.tcp_syncookies=1
+net.ipv4.tcp_timestamps=1
+net.ipv4.tcp_sack=1
+net.ipv4.tcp_dsack=1
+
+net.ipv6.conf.default.forwarding=1
+net.ipv6.conf.all.forwarding=1
diff --git a/platform/cnf/src/Dockerfile_1806_mwan3.tpl b/platform/cnf/src/Dockerfile_1806_mwan3.tpl

index 161038e..12142f7 100644 (file)
--- a/platform/cnf/src/Dockerfile_1806_mwan3.tpl
+++ b/platform/cnf/src/Dockerfile_1806_mwan3.tpl
@@ -21,6 +21,7 @@ COPY sdewan.user /etc/sdewan.user
  COPY sdewan_svc.info /etc/sdewan_svc.info
  COPY default_firewall /etc/config/firewall
  COPY rest_v1 /usr/lib/lua/luci/controller/rest_v1
+COPY 10-default.conf /etc/sysctl.d/10-default.conf
  
  ENV http_proxy=
  ENV https_proxy=
diff --git a/platform/cnf/src/Dockerfile_1806_mwan3_noproxy.tpl b/platform/cnf/src/Dockerfile_1806_mwan3_noproxy.tpl

index c89bb4c..692fc3c 100644 (file)
--- a/platform/cnf/src/Dockerfile_1806_mwan3_noproxy.tpl
+++ b/platform/cnf/src/Dockerfile_1806_mwan3_noproxy.tpl
@@ -18,6 +18,7 @@ COPY sdewan.user /etc/sdewan.user
  COPY sdewan_svc.info /etc/sdewan_svc.info
  COPY default_firewall /etc/config/firewall
  COPY rest_v1 /usr/lib/lua/luci/controller/rest_v1
+COPY 10-default.conf /etc/sysctl.d/10-default.conf
  
  USER root
  
diff --git a/platform/cnf/src/sdewan.user b/platform/cnf/src/sdewan.user

index f6b152e..a933c74 100644 (file)
--- a/platform/cnf/src/sdewan.user
+++ b/platform/cnf/src/sdewan.user
@@ -45,3 +45,15 @@ do
      count=$(($count+1))
  done < /etc/sdewan_svc.info
  
+SNAT_RULE='POSTROUTING -o eth0 -j MASQUERADE'
+
+iptables -t nat -C $SNAT_RULE || if_exist=$?
+
+if [ $if_exist -ne 0 ];
+then
+   echo "Insert Default rules"
+else
+   iptables -t nat -D $SNAT_RULE
+fi
+
+iptables -t nat -A $SNAT_RULE
author	Le Yao <le.yao@intel.com>
	Wed, 18 Nov 2020 06:28:22 +0000 (06:28 +0000)
committer	Le Yao <le.yao@intel.com>
	Wed, 18 Nov 2020 06:28:22 +0000 (06:28 +0000)
platform/cnf/src/10-default.conf	[new file with mode: 0644]	patch \| blob
platform/cnf/src/Dockerfile_1806_mwan3.tpl		patch \| blob \| history
platform/cnf/src/Dockerfile_1806_mwan3_noproxy.tpl		patch \| blob \| history
platform/cnf/src/sdewan.user		patch \| blob \| history