From eb5349bc788b91c382d3d242dff1b7ffc3210406 Mon Sep 17 00:00:00 2001
From: Weezer Su
Date: Wed, 26 Apr 2017 08:59:45 -0500
Subject: [PATCH] Add the public ip to iptables rules

Adding the ip to the filter to make the DNAT request rightly.

Change-Id: I5e229444bd873cad59f5d038b82294c1f6acd853
---
 multi-node-aio/config-deploy-node.sh | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/multi-node-aio/config-deploy-node.sh b/multi-node-aio/config-deploy-node.sh
index 075122f4..986ded3d 100755
--- a/multi-node-aio/config-deploy-node.sh
+++ b/multi-node-aio/config-deploy-node.sh
@@ -19,12 +19,13 @@ if [[ "${DEPLOY_OSA}" = true ]]; then
 fi
 if [[ "${CONFIG_PREROUTING}" = true ]]; then
+ EXTERNAL_IP="$(ip route get 1 | awk '{print $NF;exit}')"
 # Add 2222 rules to iptables for ssh directly into deployment node.
- iptables_filter_rule_add nat 'PREROUTING -p tcp --dport 2222 -j DNAT --to 10.0.0.150:22'
+ iptables_filter_rule_add nat "PREROUTING -p tcp -d ${EXTERNAL_IP} --dport 2222 -j DNAT --to 10.0.0.150:22"
 scp -o StrictHostKeyChecking=no deploy1:/opt/openstack-ansible/playbooks/vars/configs/haproxy_config.yml .
 PORTS="$(get_osad_ports) $OSA_PORTS"
 for port in $PORTS ; do
- iptables_filter_rule_add nat "PREROUTING -p tcp --dport ${port} -j DNAT --to 10.0.0.150:${port}"
+ iptables_filter_rule_add nat "PREROUTING -p tcp -d ${EXTERNAL_IP} --dport ${port} -j DNAT --to 10.0.0.150:${port}"
 done
-fi
\ No newline at end of file
+fi
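Review bot: The new `EXTERNAL_IP` assignment at the top of the `CONFIG_PREROUTING` block takes the last field of `ip route get 1` and never checks the result, so the `-d ${EXTERNAL_IP}` match in the 2222 rule and in the per-port loop depends on an unvalidated string. On iproute2 versions that print extra fields after the source address (for example `uid 0`), `$NF` is no longer the address, and when no route exists the value is empty and the rule text becomes `-d --dport ...`. Select the field that follows `src` and stop if it is empty: `EXTERNAL_IP="$(ip route get 1 | awk '{for (i = 1; i < NF; i++) if ($i == "src") {print $(i + 1); exit}}')"` followed by `[[ -n "${EXTERNAL_IP}" ]] || { echo "cannot determine external IP" >&2; exit 1; }`. `iptables_filter_rule_add` is defined outside this hunk, so whether a rejected rule is reported or silently skipped cannot be confirmed from here.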