/**
 * Builds the config items for a port-forwarding update.
 *
 * <p>Each {@link PortForwardingRuleTO} carried by the command is copied into a
 * {@link ForwardingRule} (revoke flag, lower-cased protocol, source IP and port
 * range, destination IP and port range); the collected rules are wrapped in a
 * {@link ForwardingRules} object and passed to {@code generateConfigItems}.
 *
 * @param cmd the command to translate; it is cast to
 *            {@link SetPortForwardingRulesCommand} without a type check
 * @return the config items produced by {@code generateConfigItems}
 */
@Override
public List<ConfigItem> generateConfig(final NetworkElementCommand cmd) {
    final SetPortForwardingRulesCommand pfCommand = (SetPortForwardingRulesCommand) cmd;

    final List<ForwardingRule> converted = new ArrayList<ForwardingRule>();
    for (final PortForwardingRuleTO to : pfCommand.getRules()) {
        // Field order mirrors the ForwardingRule constructor: revoke flag, protocol, source, destination.
        converted.add(new ForwardingRule(
                to.revoked(),
                to.getProtocol().toLowerCase(),
                to.getSrcIp(),
                to.getStringSrcPortRange(),
                to.getDstIp(),
                to.getStringDstPortRange()));
    }

    final ForwardingRule[] asArray = converted.toArray(new ForwardingRule[converted.size()]);
    return generateConfigItems(new ForwardingRules(asArray));
}
// Excerpt with lines elided by the listing: getRulesForPool takes the public IP and the first
// source port from the first rule in fwRules, skips revoked rules, and finishes each generated
// entry with "<dstIp>:<first destination port> check" before adding it to result.
// NOTE(review): fwRules.get(0) throws on an empty list; the caller is not shown here, so confirm
// it never passes one.
private List<String> getRulesForPool(final String poolName, final List<PortForwardingRuleTO> fwRules) { final PortForwardingRuleTO firstRule = fwRules.get(0); final String publicIP = firstRule.getSrcIp(); final int publicPort = firstRule.getSrcPortRange()[0]; for (final PortForwardingRuleTO rule : fwRules) { if (rule.revoked()) { continue; .append(Integer.toString(i++)) .append(" ") .append(rule.getDstIp()) .append(":") .append(rule.getDstPortRange()[0]) .append(" check"); result.add(sb.toString());
// Excerpt: the pool name is the rule's source IP with dots replaced by underscores, a '-', and
// the first source port. For rules that are not revoked, the list already stored under that
// name in pools is looked up and a missing entry is handled (the handling is cut off here).
// NOTE(review): sb is declared outside this excerpt; presumably a fresh builder per rule - confirm.
final String poolName = sb.append(rule.getSrcIp().replace(".", "_")).append('-').append(rule.getSrcPortRange()[0]).toString(); if (!rule.revoked()) { List<PortForwardingRuleTO> fwList = pools.get(poolName); if (fwList == null) {
// Excerpt with lines elided by the listing (Nicira NVP logical-router port forwarding).
// The first test singles out rules that are already added and not revoked; its body is elided.
// A rule whose source or destination range spans more than one port is rejected with a failure
// answer, because the message states NVP does not support port ranges here.
// A NAT rule pair is generated from the rule's destination and source IP/ports and protocol.
// For revoked rules the matching incoming NAT rule is deleted through niciraNvpApi; a revoke
// that matches nothing is only logged as a warning.
if (rule.isAlreadyAdded() && !rule.revoked()) { if (rule.getDstPortRange()[0] != rule.getDstPortRange()[1] || rule.getSrcPortRange()[0] != rule.getSrcPortRange()[1]) { return new ConfigurePortForwardingRulesOnLogicalRouterAnswer(command, false, "Nicira NVP doesn't support port ranges for port forwarding"); final NatRule[] rulepair = niciraNvpResource.generatePortForwardingRulePair(rule.getDstIp(), rule.getDstPortRange(), rule.getSrcIp(), rule.getSrcPortRange(), rule.getProtocol()); if (rule.revoked()) { s_logger.debug("Deleting incoming rule " + incoming.getUuid()); niciraNvpApi.deleteLogicalRouterNatRule(command.getLogicalRouterUuid(), incoming.getUuid()); if (rule.revoked()) { s_logger.warn("Tried deleting a rule that does not exist, " + rule.getSrcIp() + " -> " + rule.getDstIp()); break;
// Excerpt with lines elided by the listing: manageDstNatRule builds a destination-NAT rule for
// one port-forwarding rule. The rule name comes from the public IP and the rule id.
// When the rule has no source VLAN tag, or the parsed tag equals "untagged", the public
// interface name is generated from the id 9999.
// The XML payload is assembled by string concatenation from the interface name, the rule's
// destination IP and the first destination port.
// NOTE(review): no escaping or validation of these values is visible in this excerpt; confirm
// that the destination IP and interface name are validated as literals before they are
// concatenated into the XML sent to the firewall.
public boolean manageDstNatRule(ArrayList<IPaloAltoCommand> cmdList, PaloAltoPrimative prim, PortForwardingRuleTO rule) throws ExecutionException { String publicIp = rule.getSrcIp(); String dstNatName = genDstNatRuleName(publicIp, rule.getId()); if (rule.getSrcVlanTag() == null) { publicInterfaceName = genPublicInterfaceName(new Long("9999")); } else { publicVlanTag = parsePublicVlanTag(rule.getSrcVlanTag()); if (publicVlanTag.equals("untagged")) { publicInterfaceName = genPublicInterfaceName(new Long("9999")); String protocol = rule.getProtocol(); int[] srcPortRange = rule.getSrcPortRange(); if (srcPortRange != null) { String portRange; int[] dstPortRange = rule.getDstPortRange(); if (dstPortRange != null) { dstPortXML = "<translated-port>" + dstPortRange[0] + "</translated-port>"; xml += "<nat-type>ipv4</nat-type>"; xml += "<to-interface>" + publicInterfaceName + "</to-interface>"; xml += "<destination-translation><translated-address>" + rule.getDstIp() + "</translated-address>" + dstPortXML + "</destination-translation>";
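/**
 * Applies the port-forwarding rules carried by {@code cmd} to the Palo Alto firewall.
 *
 * <p>Every rule is turned into firewall commands through {@code manageDstNatRule}: an ADD for
 * an active rule, a DELETE for a revoked one. The collected commands are then sent in a single
 * {@code requestWithCommit} call.
 *
 * <p>On an {@link ExecutionException} the error is logged; if retries remain and
 * {@code refreshPaloAltoConnection()} succeeds, the whole operation is retried with one retry
 * fewer, otherwise a failure {@link Answer} wrapping the exception is returned.
 *
 * @param cmd        the command holding the rules to add or revoke
 * @param numRetries how many more attempts may be made after a failure
 * @return a success answer only when the commit reported success; a failure answer otherwise
 */
private Answer execute(SetPortForwardingRulesCommand cmd, int numRetries) {
    PortForwardingRuleTO[] rules = cmd.getRules();

    try {
        ArrayList<IPaloAltoCommand> commandList = new ArrayList<IPaloAltoCommand>();

        for (PortForwardingRuleTO rule : rules) {
            PaloAltoPrimative action = rule.revoked() ? PaloAltoPrimative.DELETE : PaloAltoPrimative.ADD;
            manageDstNatRule(commandList, action, rule);
        }

        // The commit result used to be stored and ignored, so a rejected commit was still
        // reported as success and the caller believed the firewall matched the requested
        // rule set (including revocations). Report the failure instead.
        if (!requestWithCommit(commandList)) {
            return new Answer(cmd, false, "Failed to commit port forwarding rules to the Palo Alto firewall");
        }

        return new Answer(cmd);
    } catch (ExecutionException e) {
        s_logger.error(e);

        if (numRetries > 0 && refreshPaloAltoConnection()) {
            int numRetriesRemaining = numRetries - 1;
            s_logger.debug("Retrying SetPortForwardingRulesCommand. Number of retries remaining: " + numRetriesRemaining);
            return execute(cmd, numRetriesRemaining);
        } else {
            return new Answer(cmd, e);
        }
    }
}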
// Resolve the rule's public IP record and the VLAN it belongs to, then build the transfer
// object from the rule, the VLAN tag and the address string, and queue it.
// NOTE(review): neither the getIp() nor the findById() result is null-checked in this excerpt;
// confirm both lookups are guaranteed to succeed for a rule that reaches this point.
IpAddress sourceIp = networkModel.getIp(rule.getSourceIpAddressId()); Vlan vlan = vlanDao.findById(sourceIp.getVlanId()); PortForwardingRuleTO ruleTO = new PortForwardingRuleTO(rule, vlan.getVlanTag(), sourceIp.getAddress().addr()); portForwardingRules.add(ruleTO);
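/**
 * Sends the given port-forwarding rules to the external firewall that serves {@code network}.
 *
 * <p>The firewall device and its host record are looked up first. If the network is still in
 * the {@code Allocated} state nothing is sent and the call reports success. Otherwise each rule
 * is converted to a {@link PortForwardingRuleTO} (rule, VLAN tag of its public IP, address
 * string) and the batch is handed to {@code sendPortForwardingRules}.
 *
 * @param network the network whose external firewall should receive the rules
 * @param rules   the rules to apply
 * @return {@code true} when the rules were sent or the network is not yet implemented
 * @throws ResourceUnavailableException if no external firewall device or host can be found for
 *         the network, or if sending the rules fails
 */
@Override
public boolean applyPortForwardingRules(Network network, List<? extends PortForwardingRule> rules) throws ResourceUnavailableException {
    // Find the external firewall in this zone
    long zoneId = network.getDataCenterId();
    DataCenterVO zone = _dcDao.findById(zoneId);

    ExternalFirewallDeviceVO fwDeviceVO = getExternalFirewallForNetwork(network);
    if (fwDeviceVO == null) {
        throw new ResourceUnavailableException("No external firewall device is associated with network " + network.getId(), Network.class, network.getId());
    }

    // An assert is compiled out unless the JVM runs with -ea, so a missing host record used to
    // surface later as a NullPointerException. Fail with the declared exception instead.
    HostVO externalFirewall = _hostDao.findById(fwDeviceVO.getHostId());
    if (externalFirewall == null) {
        throw new ResourceUnavailableException("External firewall host " + fwDeviceVO.getHostId() + " was not found for network " + network.getId(), Network.class, network.getId());
    }

    if (network.getState() == Network.State.Allocated) {
        s_logger.debug("External firewall was asked to apply firewall rules for network with ID " + network.getId() + "; this network is not implemented. Skipping backend commands.");
        return true;
    }

    List<PortForwardingRuleTO> pfRules = new ArrayList<PortForwardingRuleTO>();
    for (PortForwardingRule rule : rules) {
        IpAddress sourceIp = _networkModel.getIp(rule.getSourceIpAddressId());
        Vlan vlan = _vlanDao.findById(sourceIp.getVlanId());
        PortForwardingRuleTO ruleTO = new PortForwardingRuleTO(rule, vlan.getVlanTag(), sourceIp.getAddress().addr());
        pfRules.add(ruleTO);
    }

    sendPortForwardingRules(pfRules, zone, externalFirewall.getId());
    return true;
}
}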
// Append one rule to the argument string: -D for a revoked rule or -A for an active one,
// then -P lower-cased protocol, -l source IP, -p source port range, -r destination IP and
// -d destination port range.
// NOTE(review): where args is consumed is not shown. If it is handed to a script or shell,
// confirm that protocol, IPs and port ranges are validated as literals before they are
// concatenated here.
args += rule.revoked() ? " -D " : " -A "; args += " -P " + rule.getProtocol().toLowerCase(); args += " -l " + rule.getSrcIp(); args += " -p " + rule.getStringSrcPortRange(); args += " -r " + rule.getDstIp(); args += " -d " + rule.getStringDstPortRange();
/**
 * Queues a port-forwarding command for a virtual router.
 *
 * <p>Each rule is converted to a {@link PortForwardingRuleTO} with a {@code null} VLAN tag and
 * the address string of its public IP. A VPC router gets a
 * {@link SetPortForwardingRulesVpcCommand}, any other router a plain
 * {@link SetPortForwardingRulesCommand}. The command is tagged with the router's control IP,
 * its IP in the guest network, its instance name and the zone's network type, then added to
 * {@code cmds}.
 *
 * @param rules          rules to send; {@code null} is treated as an empty list
 * @param router         the virtual router that will receive the command
 * @param cmds           the command batch the new command is appended to
 * @param guestNetworkId id of the guest network used to resolve the router's guest IP
 */
public void createApplyPortForwardingRulesCommands(final List<? extends PortForwardingRule> rules, final VirtualRouter router, final Commands cmds, final long guestNetworkId) {
    final List<PortForwardingRuleTO> transferRules = new ArrayList<PortForwardingRuleTO>();
    if (rules != null) {
        for (final PortForwardingRule pfRule : rules) {
            final IpAddress publicIp = _networkModel.getIp(pfRule.getSourceIpAddressId());
            transferRules.add(new PortForwardingRuleTO(pfRule, null, publicIp.getAddress().addr()));
        }
    }

    // VPC routers use the VPC-specific command type.
    final SetPortForwardingRulesCommand pfCmd = router.getVpcId() != null
            ? new SetPortForwardingRulesVpcCommand(transferRules)
            : new SetPortForwardingRulesCommand(transferRules);

    pfCmd.setAccessDetail(NetworkElementCommand.ROUTER_IP, _routerControlHelper.getRouterControlIp(router.getId()));
    pfCmd.setAccessDetail(NetworkElementCommand.ROUTER_GUEST_IP, _routerControlHelper.getRouterIpInNetwork(guestNetworkId, router.getId()));
    pfCmd.setAccessDetail(NetworkElementCommand.ROUTER_NAME, router.getInstanceName());

    final DataCenterVO zone = _dcDao.findById(router.getDataCenterId());
    pfCmd.setAccessDetail(NetworkElementCommand.ZONE_NETWORK_TYPE, zone.getNetworkType().toString());

    cmds.addCommand(pfCmd);
}