Internal http requests redirected to proxy

author Silvio Rhatto <rhatto@riseup.net>

Fri, 19 Feb 2010 19:26:40 +0000 (17:26 -0200)

committer Silvio Rhatto <rhatto@riseup.net>

Fri, 19 Feb 2010 19:26:40 +0000 (17:26 -0200)
author Silvio Rhatto <rhatto@riseup.net>
Fri, 19 Feb 2010 19:26:40 +0000 (17:26 -0200)
committer Silvio Rhatto <rhatto@riseup.net>
Fri, 19 Feb 2010 19:26:40 +0000 (17:26 -0200)
diff --git a/manifests/init.pp b/manifests/init.pp

index 42c229278c65498ecf046619aed29ced44992f18..19a26cff9205db751b3dd783666dd3ee5004de8a 100644 (file)
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -184,8 +184,8 @@ class nodo::vserver inherits nodo {
    # Apply munin configuration for this node
    Munin_node <<| title == $hostname |>>
  
-  # We include munin configuration if it's not defined by
-  # and exported resource.
+  # We include munin configuration in case the node wasn't defined
+  # by nodo::vserver::instance.
    if !defined(munin::client) {
      munin_node { "$hostname": }
    }
@@ -281,7 +281,7 @@ class nodo::vserver inherits nodo {
          }
  
          if $proxy {
-          shorewall::rule { 'http-route':
+          shorewall::rule { 'http-route-1':
              action          => 'DNAT',
              source          => 'net',
              destination     => "vm:192.168.0.$context:80",
@@ -291,14 +291,36 @@ class nodo::vserver inherits nodo {
              order           => '500',
            }
  
-          shorewall::rule { 'https-route':
+          shorewall::rule { 'http-route-2':
+            action          => 'DNAT',
+            source          => '$FW',
+            destination     => "fw:192.168.0.$context:80",
+            proto           => 'tcp',
+            destinationport => '80',
+            originaldest    => "$ipaddress",
+            ratelimit       => '-',
+            order           => '501',
+          }
+
+          shorewall::rule { 'https-route-1':
              action          => 'DNAT',
              source          => 'net',
              destination     => "vm:192.168.0.$context:443",
              proto           => 'tcp',
              destinationport => '443',
              ratelimit       => '-',
-            order           => '501',
+            order           => '502',
+          }
+
+          shorewall::rule { 'https-route-2':
+            action          => 'DNAT',
+            source          => '$FW',
+            destination     => "fw:192.168.0.$context:443",
+            proto           => 'tcp',
+            destinationport => '443',
+            originaldest    => "$ipaddress",
+            ratelimit       => '-',
+            order           => '502',
            }
          }
  
@@ -310,7 +332,7 @@ class nodo::vserver inherits nodo {
              proto           => 'tcp',
              destinationport => '8140',
              ratelimit       => '-',
-            order           => '502',
+            order           => '600',
            }
  
            shorewall::rule { 'puppetmaster-2':
@@ -320,7 +342,7 @@ class nodo::vserver inherits nodo {
              proto           => 'udp',
              destinationport => '8140',
              ratelimit       => '-',
-            order           => '503',
+            order           => '601',
            }
  
            shorewall::rule { 'puppetmaster-3':
@@ -331,7 +353,7 @@ class nodo::vserver inherits nodo {
              destinationport => '8140',
              originaldest    => "$ipaddress",
              ratelimit       => '-',
-            order           => '504',
+            order           => '602',
            }
  
            shorewall::rule { 'puppetmaster-4':
@@ -342,7 +364,7 @@ class nodo::vserver inherits nodo {
              destinationport => '8140',
              originaldest    => "$ipaddress",
              ratelimit       => '-',
-            order           => '505',
+            order           => '603',
            }
          }
  
@@ -354,7 +376,7 @@ class nodo::vserver inherits nodo {
              proto           => 'tcp',
              destinationport => '9418',
              ratelimit       => '-',
-            order           => '506',
+            order           => '700',
            }
  
            shorewall::rule { 'git-daemon-2':
@@ -364,7 +386,7 @@ class nodo::vserver inherits nodo {
              proto           => 'tcp',
              destinationport => '9418',
              ratelimit       => '-',
-            order           => '507',
+            order           => '701',
            }
          }
  
@@ -376,7 +398,7 @@ class nodo::vserver inherits nodo {
              proto           => 'tcp',
              destinationport => '8000',
              ratelimit       => '-',
-            order           => '508',
+            order           => '800',
            }
  
            shorewall::rule { 'icecast-2':
@@ -386,7 +408,7 @@ class nodo::vserver inherits nodo {
              proto           => 'tcp',
              destinationport => '8000',
              ratelimit       => '-',
-            order           => '509',
+            order           => '801',
            }
          }
        }
author	Silvio Rhatto <rhatto@riseup.net>
	Fri, 19 Feb 2010 19:26:40 +0000 (17:26 -0200)
committer	Silvio Rhatto <rhatto@riseup.net>
	Fri, 19 Feb 2010 19:26:40 +0000 (17:26 -0200)