From: Jenkins Date: Sat, 18 Jul 2015 02:02:16 +0000 (+0000) Subject: Merge "Make external_gateway_nat_rules easier to understand" X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=312bd47265749a4f4e36d3784330ea4f568a9b8c;p=openstack-build%2Fneutron-build.git Merge "Make external_gateway_nat_rules easier to understand" --- 312bd47265749a4f4e36d3784330ea4f568a9b8c diff --cc neutron/agent/l3/router_info.py index 43a7c1d45,85ca4a9a3..d8f53914e --- a/neutron/agent/l3/router_info.py +++ b/neutron/agent/l3/router_info.py @@@ -518,21 -534,30 +518,30 @@@ class RouterInfo(object) prefix=EXTERNAL_DEV_PREFIX) # Process SNAT rules for external gateway - self.perform_snat_action(self._handle_router_snat_rules, - interface_name) + gw_port = self._router.get('gw_port') + self._handle_router_snat_rules(gw_port, interface_name) def external_gateway_nat_rules(self, ex_gw_ip, interface_name): - mark = self.agent_conf.external_ingress_mark - rules = [('POSTROUTING', '! -i %(interface_name)s ' - '! -o %(interface_name)s -m conntrack ! ' - '--ctstate DNAT -j ACCEPT' % - {'interface_name': interface_name}), - ('snat', '-o %s -j SNAT --to-source %s' % - (interface_name, ex_gw_ip)), - ('snat', '-m mark ! --mark %s ' - '-m conntrack --ctstate DNAT ' - '-j SNAT --to-source %s' % (mark, ex_gw_ip))] - return rules + dont_snat_traffic_to_internal_ports_if_not_to_floating_ip = ( + 'POSTROUTING', '! -i %(interface_name)s ' + '! -o %(interface_name)s -m conntrack ! ' + '--ctstate DNAT -j ACCEPT' % + {'interface_name': interface_name}) + + snat_normal_external_traffic = ( + 'snat', '-o %s -j SNAT --to-source %s' % + (interface_name, ex_gw_ip)) + + # Makes replies come back through the router to reverse DNAT + ext_in_mark = self.agent_conf.external_ingress_mark + snat_internal_traffic_to_floating_ip = ( + 'snat', '-m mark ! 
--mark %s ' + '-m conntrack --ctstate DNAT ' + '-j SNAT --to-source %s' % (ext_in_mark, ex_gw_ip)) + + return [dont_snat_traffic_to_internal_ports_if_not_to_floating_ip, + snat_normal_external_traffic, + snat_internal_traffic_to_floating_ip] def external_gateway_mangle_rules(self, interface_name): mark = self.agent_conf.external_ingress_mark
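Review bot: `external_gateway_nat_rules` still formats `interface_name`, `ex_gw_ip` and `ext_in_mark` straight into the iptables rule text with `%`, and nothing in the hunk shows where those values are validated, so the new variable names explain each rule's intent but not what the rules trust. A value containing whitespace would be read as extra iptables arguments, so I would state the contract in a docstring, for example `"""Return (chain, rule) tuples for the gateway SNAT rules; interface_name, ex_gw_ip and the configured ingress mark are interpolated verbatim and must already be validated."""`. Only the third tuple has a why-comment; the first deserves one as well, e.g. `# Traffic that neither enters nor leaves via the gateway device and was not DNATed skips SNAT`. Separately, the method containing the new `gw_port = self._router.get('gw_port')` line starts outside the hunk and `_handle_router_snat_rules` is not shown, so it is worth confirming that a missing `gw_port` (where `.get()` presumably yields None) is handled there.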