zishuo/netmaker
1
0
Fork 0
mirror of https://github.com/gravitl/netmaker.git synced 2025-10-06 17:29:15 +08:00
Code Issues Packages Projects Releases Wiki Activity

initial commit of iptables functionality

Browse Source
This commit is contained in:
afeiszli
2022-01-25 11:58:51 -05:00
parent b0db450a79
commit cc8037c921
6 changed files with 106 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
Dockerfile-builder Normal file
View File

@@ -0,0 +1,9 @@
#first stage - builder
FROM golang:1.17
ARG version
WORKDIR /app
COPY . .
ENV GO111MODULE=auto
# RUN GOOS=linux CGO_ENABLED=1 go build -tags debug -ldflags="-s -X 'main.version=$version'" -o netmaker main.go
RUN GOOS=linux CGO_ENABLED=1 go build -ldflags="-s -X 'main.version=$version'" -o netmaker main.go

2
config/config.go
View File

@@ -71,6 +71,8 @@ type ServerConfig struct {
AzureTenant string `yaml:"azuretenant"` AzureTenant string `yaml:"azuretenant"`
RCE string `yaml:"rce"` RCE string `yaml:"rce"`
Telemetry string `yaml:"telemetry"` Telemetry string `yaml:"telemetry"`
ManageIPTables string `yaml:"manageiptables"`
PortForwardServices string `yaml:"portforwardservices"`
} }
// SQLConfig - Generic SQL Config // SQLConfig - Generic SQL Config

7
main.go
View File

@@ -68,6 +68,13 @@ func initialize() { // Client Mode Prereq Check
logger.FatalLog("Did not find netclient to use CLIENT_MODE") logger.FatalLog("Did not find netclient to use CLIENT_MODE")
} }
} }
// initialize iptables to ensure gateways work correctly and mq is forwarded if containerized
if servercfg.ManageIPTables() != "off" {
if err = serverctl.InitIPTables(); err != nil {
logger.FatalLog("Unable to initialize iptables on host:", err.Error())
}
}
if servercfg.IsDNSMode() { if servercfg.IsDNSMode() {
err := functions.SetDNSDir() err := functions.SetDNSDir()

26
servercfg/serverconf.go
View File

@@ -86,6 +86,7 @@ func GetServerConfig() config.ServerConfig {
cfg.RCE = "off" cfg.RCE = "off"
} }
cfg.Telemetry = Telemetry() cfg.Telemetry = Telemetry()
cfg.ManageIPTables = ManageIPTables()
return cfg return cfg
} }
@@ -332,6 +333,18 @@ func Telemetry() string {
return telemetry return telemetry
} }
// ManageIPTables - checks if iptables should be manipulated on host
func ManageIPTables() string {
manage := "on"
if os.Getenv("MANAGE_IPTABLES") == "off" {
manage = "off"
}
if config.Config.Server.ManageIPTables == "off" {
manage = "off"
}
return manage
}
// IsDNSMode - should it run with DNS // IsDNSMode - should it run with DNS
func IsDNSMode() bool { func IsDNSMode() bool {
isdns := true isdns := true
@@ -446,6 +459,19 @@ func GetPlatform() string {
return platform return platform
} }
// GetIPForwardServiceList - get the list of services that the server should be forwarding
func GetPortForwardServiceList() []string {
//services := "mq,dns,ssh"
services := ""
if os.Getenv("PORT_FORWARD_SERVICES") != "" {
services = os.Getenv("PORT_FORWARD_SERVICES")
} else if config.Config.Server.PortForwardServices != "" {
services = config.Config.Server.PortForwardServices
}
serviceSlice := strings.Split(services, ",")
return serviceSlice
}
// GetSQLConn - get the sql connection string // GetSQLConn - get the sql connection string
func GetSQLConn() string { func GetSQLConn() string {
sqlconn := "http://" sqlconn := "http://"

60
serverctl/iptables.go Normal file
View File

@@ -0,0 +1,60 @@
package serverctl
import (
"net"
"os/exec"
"strings"
"github.com/gravitl/netmaker/netclient/ncutils"
"github.com/gravitl/netmaker/servercfg"
)
// InitServerNetclient - intializes the server netclient
func InitIPTables() error {
_, err := exec.LookPath("iptables")
if err != nil {
return err
}
setForwardPolicy()
portForwardServices()
return nil
}
func portForwardServices() {
services := servercfg.GetPortForwardServiceList()
for _, service := range services {
switch service {
case "mq":
iptablesPortForward("mq", "1883", false)
case "dns":
iptablesPortForward("mq", "1883", false)
case "ssh":
iptablesPortForward("127.0.0.1", "22", true)
default:
params := strings.Split(service, ":")
iptablesPortForward(params[0], params[1], true)
}
}
}
func setForwardPolicy() {
ncutils.RunCmd("iptables --policy FORWARD ACCEPT", true)
}
func iptablesPortForward(entry string, port string, isIP bool) {
var address string
if !isIP {
ips, _ := net.LookupIP(entry)
for _, ip := range ips {
if ipv4 := ip.To4(); ipv4 != nil {
address = ip.String()
break
}
}
} else {
address = entry
}
ncutils.RunCmd("iptables -t nat -A PREROUTING -p tcp --dport "+port+" -j DNAT --to-destination "+address+":"+port, true)
ncutils.RunCmd("iptables -t nat -A POSTROUTING -j MASQUERADE", true)
}

2
serverctl/serverctl.go
View File

@@ -12,6 +12,8 @@ import (
"github.com/gravitl/netmaker/netclient/ncutils" "github.com/gravitl/netmaker/netclient/ncutils"
) )
const NETMAKER_BINARY_NAME = "netmaker"
// InitServerNetclient - intializes the server netclient // InitServerNetclient - intializes the server netclient
func InitServerNetclient() error { func InitServerNetclient() error {
netclientDir := ncutils.GetNetclientPath() netclientDir := ncutils.GetNetclientPath()