예제 #1
0
def remove_mapping(source_ip, destination_ip, source_port=-1, destination_port=-1):

    nat_type, nat_ip, nat_user = get_nat_details()

    if nat_type == NAT_TYPE_SOFTWARE:
        # source_port and destination_port are -1 when function is called for removing public IP - private IP mapping
        if source_port == -1 and destination_port == -1:
            logger.debug("Removing mapping for public IP: %s and private IP: %s" %(source_ip, destination_ip))
            
            interfaces_command = get_interfaces_command('Delete', source_ip)
            iptables_command = get_ip_tables_command('Delete', source_ip , destination_ip)
            
            command = interfaces_command + iptables_command
            
        else:
            logger.debug("Removing VNC mapping from NAT for public IP %s host IP %s public VNC port %s private VNC port %s" %(source_ip, destination_ip, source_port, destination_port))

            command = get_ip_tables_command('Delete', source_ip , destination_ip, source_port, destination_port)

        # Create SSH session to execute all commands on NAT box.
        execute_remote_bulk_cmd(nat_ip, nat_user, command)

    elif nat_type == NAT_TYPE_HARDWARE:
        #This function is to be implemented
        raise Exception("No implementation for NAT type hardware")
    elif nat_type == NAT_TYPE_MAPPING:
        # This function is to be implemented
        return
    else:
        raise Exception("NAT type is not supported")
예제 #2
0
def create_mapping(source_ip , destination_ip, source_port = -1, destination_port = -1, duration = -1 ):

    nat_type, nat_ip, nat_user = get_nat_details()

    if nat_type == NAT_TYPE_SOFTWARE:
        
        if source_port == -1 & destination_port == -1:
            logger.debug("Adding public ip %s private ip %s mapping on NAT" %(source_ip, destination_ip))

            interfaces_command = get_interfaces_command('Add', source_ip)
            iptables_command = get_ip_tables_command('Add', source_ip , destination_ip)
            
            command = interfaces_command + iptables_command

        else:
            logger.debug("Creating VNC mapping on NAT box for public IP %s host IP %s public VNC port %s private VNC port %s duration %s" %(source_ip, destination_ip, source_port, destination_port, duration))
            
            logger.debug("Creating SSH session on NAT box %s" %(nat_ip))
            
            interfaces_command = get_interfaces_command('Add', source_ip)
            iptables_command = get_ip_tables_command('Add', source_ip , destination_ip, source_port, destination_port)

            command = interfaces_command + iptables_command

        # Create SSH session to execute all commands on NAT box.
        execute_remote_bulk_cmd(nat_ip, nat_user, command)

    elif nat_type == NAT_TYPE_HARDWARE:
        # This function is to be implemented
        raise Exception("No implementation for NAT type hardware")
    elif nat_type == NAT_TYPE_MAPPING:
        # This function is to be implemented
        return
    else:
        raise Exception("NAT type is not supported")
예제 #3
0
def clear_all_nat_mappings(db):
    """
    Clears mappings from NAT
    """
    nat_type, nat_ip, nat_user = _get_nat_details()

    if nat_type == NAT_TYPE_SOFTWARE:

        logger.debug("Clearing all NAT mappings")

        command = ''
        # For all public IP - private IP mappings, Delete aliases
        for vm_data_info in db(db.vm_data.public_ip != None).select():
            private_ip = vm_data_info.private_ip.private_ip
            public_ip = vm_data_info.public_ip.public_ip
            logger.debug(
                'Removing private to public IP mapping for private IP: %s and public IP:%s'
                % (private_ip, public_ip))
            #             private_ip_octets = mapping['private_ip'].split('.')
            public_ip_octets = public_ip.split('.')
            interface_alias = "%s:%s.%s.%s" % (
                NAT_PUBLIC_INTERFACE, public_ip_octets[1], public_ip_octets[2],
                public_ip_octets[3])

            command += '''
                        rm /etc/network/interfaces.d/2_%s.cfg
                        ifconfig %s down
                        cat /etc/network/interfaces.d/*.cfg > /etc/network/interfaces
                       ''' % (interface_alias, interface_alias)

        # Flushing all rules from iptables
        command += '''
            iptables --flush
            iptables -t nat --flush
            iptables --delete-chain
            iptables -t nat --delete-chain
            /etc/init.d/iptables-persistent save
            /etc/init.d/iptables-persistent reload
            exit
        '''
        execute_remote_bulk_cmd(nat_ip, nat_user, command)

        # Updating DB
        logger.debug(
            "Flushing all public Ip - private IP mappings and VNC mappings from DB"
        )
        db.vm_data.update(public_ip=None)
        db.vnc_access.update(status=VNC_ACCESS_STATUS_INACTIVE)
    elif nat_type == NAT_TYPE_HARDWARE:
        # This function is to be implemented
        raise Exception("No implementation for NAT type hardware")
    elif nat_type == NAT_TYPE_MAPPING:
        logger.debug("Clearing all mapping information from DB")

        db.vm_data.update(public_ip=None)
        db.vnc_access.update(status=VNC_ACCESS_STATUS_INACTIVE)

    else:
        raise Exception("NAT type is not supported")
예제 #4
0
def create_mapping(source_ip,
                   destination_ip,
                   source_port=-1,
                   destination_port=-1,
                   duration=-1):
    """
    Function to create mappings in NAT
    If NAT type is software_nat then for creating public - private IP mapping:
        - Create the alias on NAT that will listen on the public IP.
        - Create rules in iptables to forward the traffic coming on public IP to private IP and vice versa.
    For providing VNC access:
        - Check if the NAT is listening on the public IP to be used for VNC access.
        - If NAT is not listening on the desired public IP, create an alias to listen on that IP.
        - Create rules in iptables to forward the VNC traffic to the host.
    """
    nat_type, nat_ip, nat_user = _get_nat_details()

    if nat_type == NAT_TYPE_SOFTWARE:

        if source_port == -1 & destination_port == -1:
            logger.debug("Adding public ip %s private ip %s mapping on NAT" %
                         (source_ip, destination_ip))

            interfaces_command = _get_interfaces_command('Add', source_ip)
            iptables_command = _get_ip_tables_command('Add', source_ip,
                                                      destination_ip)

            command = interfaces_command + iptables_command

        else:
            logger.debug(
                "Creating VNC mapping on NAT box for public IP %s host IP %s public VNC port %s private VNC port %s duration %s"
                % (source_ip, destination_ip, source_port, destination_port,
                   duration))

            logger.debug("Creating SSH session on NAT box %s" % (nat_ip))

            interfaces_command = _get_interfaces_command('Add', source_ip)
            iptables_command = _get_ip_tables_command('Add', source_ip,
                                                      destination_ip,
                                                      source_port,
                                                      destination_port)

            command = interfaces_command + iptables_command

        # Create SSH session to execute all commands on NAT box.
        execute_remote_bulk_cmd(nat_ip, nat_user, command)

    elif nat_type == NAT_TYPE_HARDWARE:
        # This function is to be implemented
        raise Exception("No implementation for NAT type hardware")
    elif nat_type == NAT_TYPE_MAPPING:
        # This function is to be implemented
        return
    else:
        raise Exception("NAT type is not supported")
예제 #5
0
def clear_all_timedout_vnc_mappings():
    """
    Deletes all timed-out VNC mappings from NAT
    """    
    nat_type, nat_ip, nat_user = _get_nat_details()

    if nat_type == NAT_TYPE_SOFTWARE:
       
        logger.debug("Clearing all timed out VNC mappings from NAT box %s" %(nat_ip)) 

        # Get all active VNC mappings from DB
        vnc_mappings = current.db((current.db.vnc_access.status == VNC_ACCESS_STATUS_ACTIVE) & 
                                  (current.db.vnc_access.expiry_time < get_datetime())).select()
        if (vnc_mappings != None) & (len(vnc_mappings) != 0):
            # Delete the VNC mapping from NAT if the duration of access has past its requested time duration
            command = ''
            for mapping in vnc_mappings:
                logger.debug('Removing VNC mapping for vm id: %s, host: %s, source IP: %s, source port: %s, destination port: %s' %(mapping.vm_id, mapping.host_id, mapping.vnc_server_ip, mapping.vnc_source_port, mapping.vnc_destination_port))
                host_ip = mapping.host_id.host_ip.private_ip
                # Delete rules from iptables on NAT box
                command += '''
                iptables -D PREROUTING -t nat -i %s -p tcp -d %s --dport %s -j DNAT --to %s:%s
                iptables -D FORWARD -p tcp -d %s --dport %s -j ACCEPT''' %(NAT_PUBLIC_INTERFACE, mapping.vnc_server_ip, mapping.vnc_source_port, host_ip, mapping.vnc_destination_port, host_ip, mapping.vnc_destination_port)

                # Update DB for each VNC access
                current.db(current.db.vnc_access.id == mapping.id).update(status=VNC_ACCESS_STATUS_INACTIVE)

            command += '''
                /etc/init.d/iptables-persistent save
                /etc/init.d/iptables-persistent reload
                exit
            ''' 

            current.db.commit()
            execute_remote_bulk_cmd(nat_ip, nat_user, command)
        logger.debug("Done clearing vnc mappings")    
    elif nat_type == NAT_TYPE_HARDWARE:
        # This function is to be implemented
        raise Exception("No implementation for NAT type hardware")
    elif nat_type == NAT_TYPE_MAPPING:
        # This function is to be implemented
        logger.debug('Clearing all timed out VNC mappings') 

        # Get all active VNC mappings from DB
        vnc_mappings = current.db((current.db.vnc_access.status == VNC_ACCESS_STATUS_ACTIVE) & 
                                  (current.db.vnc_access.expiry_time < get_datetime())).select()
        if (vnc_mappings != None) & (len(vnc_mappings) != 0):

            for mapping in vnc_mappings:
                # Update DB for each VNC access
                current.db(current.db.vnc_access.id == mapping.id).update(status=VNC_ACCESS_STATUS_INACTIVE)
            current.db.commit()
        logger.debug("Done clearing vnc mappings")    
    else:
        raise Exception("NAT type is not supported")
예제 #6
0
def clear_all_nat_mappings(db):
    """
    Clears mappings from NAT
    """    
    nat_type, nat_ip, nat_user = _get_nat_details()

    if nat_type == NAT_TYPE_SOFTWARE:

        logger.debug("Clearing all NAT mappings")
    
        command = ''
        # For all public IP - private IP mappings, Delete aliases
        for vm_data_info in db(db.vm_data.public_ip != None).select():
            private_ip = vm_data_info.private_ip.private_ip
            public_ip = vm_data_info.public_ip.public_ip
            logger.debug('Removing private to public IP mapping for private IP: %s and public IP:%s' %(private_ip, public_ip))
#             private_ip_octets = mapping['private_ip'].split('.')
            public_ip_octets = public_ip.split('.')
            interface_alias = "%s:%s.%s.%s" %(NAT_PUBLIC_INTERFACE, public_ip_octets[1], public_ip_octets[2], public_ip_octets[3])

            command += '''
                        rm /etc/network/interfaces.d/2_%s.cfg
                        ifconfig %s down
                        cat /etc/network/interfaces.d/*.cfg > /etc/network/interfaces
                       ''' %(interface_alias, interface_alias)

        # Flushing all rules from iptables
        command += '''
            iptables --flush
            iptables -t nat --flush
            iptables --delete-chain
            iptables -t nat --delete-chain
            /etc/init.d/iptables-persistent save
            /etc/init.d/iptables-persistent reload
            exit
        '''
        execute_remote_bulk_cmd(nat_ip, nat_user, command)

        # Updating DB
        logger.debug("Flushing all public Ip - private IP mappings and VNC mappings from DB")
        db.vm_data.update(public_ip = None)
        db.vnc_access.update(status = VNC_ACCESS_STATUS_INACTIVE)
    elif nat_type == NAT_TYPE_HARDWARE:
        # This function is to be implemented
        raise Exception("No implementation for NAT type hardware")
    elif nat_type == NAT_TYPE_MAPPING:
        logger.debug("Clearing all mapping information from DB")

        db.vm_data.update(public_ip = None)
        db.vnc_access.update(status = VNC_ACCESS_STATUS_INACTIVE)

    else:
        raise Exception("NAT type is not supported")
예제 #7
0
def remove_mapping(source_ip,
                   destination_ip,
                   source_port=-1,
                   destination_port=-1):
    """
    Function to remove mapping from NAT
    If NAT type is software_nat then for removing public IP - private IP mapping:
        - Remove the alias on NAT listening on the public IP.
        - Delete rules from iptables to forward the traffic coming on public IP to private IP and vice versa.
        - Flush the entries from DB and make public IP free.
    For revoking VNC access:
        - Delete rules from iptables to forward the VNC traffic to the host.
        - Update DB to make the VNC access inactive.
    """
    nat_type, nat_ip, nat_user = _get_nat_details()

    if nat_type == NAT_TYPE_SOFTWARE:
        # source_port and destination_port are -1 when function is called for removing public IP - private IP mapping
        if source_port == -1 and destination_port == -1:
            logger.debug(
                "Removing mapping for public IP: %s and private IP: %s" %
                (source_ip, destination_ip))

            interfaces_command = _get_interfaces_command('Delete', source_ip)
            iptables_command = _get_ip_tables_command('Delete', source_ip,
                                                      destination_ip)

            command = interfaces_command + iptables_command

        else:
            logger.debug(
                "Removing VNC mapping from NAT for public IP %s host IP %s public VNC port %s private VNC port %s"
                % (source_ip, destination_ip, source_port, destination_port))

            command = _get_ip_tables_command('Delete', source_ip,
                                             destination_ip, source_port,
                                             destination_port)

        # Create SSH session to execute all commands on NAT box.
        execute_remote_bulk_cmd(nat_ip, nat_user, command)

    elif nat_type == NAT_TYPE_HARDWARE:
        #This function is to be implemented
        raise Exception("No implementation for NAT type hardware")
    elif nat_type == NAT_TYPE_MAPPING:
        # This function is to be implemented
        return
    else:
        raise Exception("NAT type is not supported")
예제 #8
0
def create_mapping(source_ip,
                   destination_ip,
                   source_port=-1,
                   destination_port=-1,
                   duration=-1):

    nat_type, nat_ip, nat_user = get_nat_details()

    if nat_type == NAT_TYPE_SOFTWARE:

        if source_port == -1 & destination_port == -1:
            logger.debug("Adding public ip %s private ip %s mapping on NAT" %
                         (source_ip, destination_ip))

            interfaces_command = get_interfaces_command('Add', source_ip)
            iptables_command = get_ip_tables_command('Add', source_ip,
                                                     destination_ip)

            command = interfaces_command + iptables_command

        else:
            logger.debug(
                "Creating VNC mapping on NAT box for public IP %s host IP %s public VNC port %s private VNC port %s duration %s"
                % (source_ip, destination_ip, source_port, destination_port,
                   duration))

            logger.debug("Creating SSH session on NAT box %s" % (nat_ip))

            interfaces_command = get_interfaces_command('Add', source_ip)
            iptables_command = get_ip_tables_command('Add', source_ip,
                                                     destination_ip,
                                                     source_port,
                                                     destination_port)

            command = interfaces_command + iptables_command

        # Create SSH session to execute all commands on NAT box.
        execute_remote_bulk_cmd(nat_ip, nat_user, command)

    elif nat_type == NAT_TYPE_HARDWARE:
        # This function is to be implemented
        raise Exception("No implementation for NAT type hardware")
    elif nat_type == NAT_TYPE_MAPPING:
        # This function is to be implemented
        return
    else:
        raise Exception("NAT type is not supported")
예제 #9
0
def create_mapping(source_ip , destination_ip, source_port = -1, destination_port = -1, duration = -1 ):
    """
    Function to create mappings in NAT
    If NAT type is software_nat then for creating public - private IP mapping:
        - Create the alias on NAT that will listen on the public IP.
        - Create rules in iptables to forward the traffic coming on public IP to private IP and vice versa.
    For providing VNC access:
        - Check if the NAT is listening on the public IP to be used for VNC access.
        - If NAT is not listening on the desired public IP, create an alias to listen on that IP.
        - Create rules in iptables to forward the VNC traffic to the host.
    """    
    nat_type, nat_ip, nat_user = _get_nat_details()

    if nat_type == NAT_TYPE_SOFTWARE:
        
        if source_port == -1 & destination_port == -1:
            logger.debug("Adding public ip %s private ip %s mapping on NAT" %(source_ip, destination_ip))

            interfaces_command = _get_interfaces_command('Add', source_ip)
            iptables_command = _get_ip_tables_command('Add', source_ip , destination_ip)
            
            command = interfaces_command + iptables_command

        else:
            logger.debug("Creating VNC mapping on NAT box for public IP %s host IP %s public VNC port %s private VNC port %s duration %s" %(source_ip, destination_ip, source_port, destination_port, duration))
            
            logger.debug("Creating SSH session on NAT box %s" %(nat_ip))
            
            interfaces_command = _get_interfaces_command('Add', source_ip)
            iptables_command = _get_ip_tables_command('Add', source_ip , destination_ip, source_port, destination_port)

            command = interfaces_command + iptables_command

        # Create SSH session to execute all commands on NAT box.
        execute_remote_bulk_cmd(nat_ip, nat_user, command)

    elif nat_type == NAT_TYPE_HARDWARE:
        # This function is to be implemented
        raise Exception("No implementation for NAT type hardware")
    elif nat_type == NAT_TYPE_MAPPING:
        # This function is to be implemented
        return
    else:
        raise Exception("NAT type is not supported")
예제 #10
0
def remove_mapping(source_ip,
                   destination_ip,
                   source_port=-1,
                   destination_port=-1):

    nat_type, nat_ip, nat_user = get_nat_details()

    if nat_type == NAT_TYPE_SOFTWARE:
        # source_port and destination_port are -1 when function is called for removing public IP - private IP mapping
        if source_port == -1 and destination_port == -1:
            logger.debug(
                "Removing mapping for public IP: %s and private IP: %s" %
                (source_ip, destination_ip))

            interfaces_command = get_interfaces_command('Delete', source_ip)
            iptables_command = get_ip_tables_command('Delete', source_ip,
                                                     destination_ip)

            command = interfaces_command + iptables_command

        else:
            logger.debug(
                "Removing VNC mapping from NAT for public IP %s host IP %s public VNC port %s private VNC port %s"
                % (source_ip, destination_ip, source_port, destination_port))

            command = get_ip_tables_command('Delete', source_ip,
                                            destination_ip, source_port,
                                            destination_port)

        # Create SSH session to execute all commands on NAT box.
        execute_remote_bulk_cmd(nat_ip, nat_user, command)

    elif nat_type == NAT_TYPE_HARDWARE:
        #This function is to be implemented
        raise Exception("No implementation for NAT type hardware")
    elif nat_type == NAT_TYPE_MAPPING:
        # This function is to be implemented
        return
    else:
        raise Exception("NAT type is not supported")
예제 #11
0
def remove_mapping(source_ip, destination_ip, source_port=-1, destination_port=-1):
    """
    Function to remove mapping from NAT
    If NAT type is software_nat then for removing public IP - private IP mapping:
        - Remove the alias on NAT listening on the public IP.
        - Delete rules from iptables to forward the traffic coming on public IP to private IP and vice versa.
        - Flush the entries from DB and make public IP free.
    For revoking VNC access:
        - Delete rules from iptables to forward the VNC traffic to the host.
        - Update DB to make the VNC access inactive.
    """    
    nat_type, nat_ip, nat_user = _get_nat_details()

    if nat_type == NAT_TYPE_SOFTWARE:
        # source_port and destination_port are -1 when function is called for removing public IP - private IP mapping
        if source_port == -1 and destination_port == -1:
            logger.debug("Removing mapping for public IP: %s and private IP: %s" %(source_ip, destination_ip))
            
            interfaces_command = _get_interfaces_command('Delete', source_ip)
            iptables_command = _get_ip_tables_command('Delete', source_ip , destination_ip)
            
            command = interfaces_command + iptables_command
            
        else:
            logger.debug("Removing VNC mapping from NAT for public IP %s host IP %s public VNC port %s private VNC port %s" %(source_ip, destination_ip, source_port, destination_port))

            command = _get_ip_tables_command('Delete', source_ip , destination_ip, source_port, destination_port)

        # Create SSH session to execute all commands on NAT box.
        execute_remote_bulk_cmd(nat_ip, nat_user, command)

    elif nat_type == NAT_TYPE_HARDWARE:
        #This function is to be implemented
        raise Exception("No implementation for NAT type hardware")
    elif nat_type == NAT_TYPE_MAPPING:
        # This function is to be implemented
        return
    else:
        raise Exception("NAT type is not supported")
예제 #12
0
def clear_all_timedout_vnc_mappings():

    nat_type, nat_ip, nat_user = get_nat_details()

    if nat_type == NAT_TYPE_SOFTWARE:

        logger.debug("Clearing all timed out VNC mappings from NAT box %s" %
                     (nat_ip))

        # Get all active VNC mappings from DB
        vnc_mappings = current.db(
            (current.db.vnc_access.status == VNC_ACCESS_STATUS_ACTIVE)
            & (current.db.vnc_access.expiry_time < get_datetime())).select()
        if (vnc_mappings != None) & (len(vnc_mappings) != 0):
            # Delete the VNC mapping from NAT if the duration of access has past its requested time duration
            command = ''
            for mapping in vnc_mappings:
                logger.debug(
                    'Removing VNC mapping for vm id: %s, host: %s, source IP: %s, source port: %s, destination port: %s'
                    % (mapping.vm_id, mapping.host_id, mapping.vnc_server_ip,
                       mapping.vnc_source_port, mapping.vnc_destination_port))
                host_ip = mapping.host_id.host_ip.private_ip
                # Delete rules from iptables on NAT box
                command += '''
                iptables -D PREROUTING -t nat -i %s -p tcp -d %s --dport %s -j DNAT --to %s:%s
                iptables -D FORWARD -p tcp -d %s --dport %s -j ACCEPT''' % (
                    NAT_PUBLIC_INTERFACE, mapping.vnc_server_ip,
                    mapping.vnc_source_port, host_ip,
                    mapping.vnc_destination_port, host_ip,
                    mapping.vnc_destination_port)

                # Update DB for each VNC access
                current.db(current.db.vnc_access.id == mapping.id).update(
                    status=VNC_ACCESS_STATUS_INACTIVE)

            command += '''
                /etc/init.d/iptables-persistent save
                /etc/init.d/iptables-persistent reload
                exit
            '''

            current.db.commit()
            execute_remote_bulk_cmd(nat_ip, nat_user, command)
        logger.debug("Done clearing vnc mappings")
    elif nat_type == NAT_TYPE_HARDWARE:
        # This function is to be implemented
        raise Exception("No implementation for NAT type hardware")
    elif nat_type == NAT_TYPE_MAPPING:
        # This function is to be implemented
        logger.debug('Clearing all timed out VNC mappings')

        # Get all active VNC mappings from DB
        vnc_mappings = current.db(
            (current.db.vnc_access.status == VNC_ACCESS_STATUS_ACTIVE)
            & (current.db.vnc_access.expiry_time < get_datetime())).select()
        if (vnc_mappings != None) & (len(vnc_mappings) != 0):

            for mapping in vnc_mappings:
                # Update DB for each VNC access
                current.db(current.db.vnc_access.id == mapping.id).update(
                    status=VNC_ACCESS_STATUS_INACTIVE)
            current.db.commit()
        logger.debug("Done clearing vnc mappings")
    else:
        raise Exception("NAT type is not supported")