Revision c4a85ab1


mininet/nodelib.py
74 74
    "NAT: Provides connectivity to external network"
75 75

  
76 76
    def __init__( self, name, inetIntf=None, subnet='10.0/8',
77
                  localIntf=None, **params):
77
                  localIntf=None, flush=False, **params):
78 78
        """Start NAT/forwarding between Mininet and external network
79 79
           inetIntf: interface for internet access
80
           subnet: Mininet subnet (default 10.0/8)="""
80
           subnet: Mininet subnet (default 10.0/8)
81
           flush: flush iptables before installing NAT rules"""
81 82
        super( NAT, self ).__init__( name, **params )
82 83

  
83 84
        self.inetIntf = inetIntf if inetIntf else self.getGatewayIntf()
84 85
        self.subnet = subnet
85 86
        self.localIntf = localIntf
87
        self.flush = flush
86 88

  
87 89
    def config( self, **params ):
88 90
        """Configure the NAT and iptables"""
......
93 95

  
94 96
        self.cmd( 'sysctl net.ipv4.ip_forward=0' )
95 97

  
96
        # Flush any currently active rules
97
        # TODO: is this safe?
98
        self.cmd( 'iptables -F' )
99
        self.cmd( 'iptables -t nat -F' )
98
        if self.flush:
99
            self.cmd( 'iptables -F' )
100
            self.cmd( 'iptables -t nat -F' )
101
            # Create default entries for unmatched traffic
102
            self.cmd( 'iptables -P INPUT ACCEPT' )
103
            self.cmd( 'iptables -P OUTPUT ACCEPT' )
104
            self.cmd( 'iptables -P FORWARD DROP' )
100 105

  
101
        # Create default entries for unmatched traffic
102
        self.cmd( 'iptables -P INPUT ACCEPT' )
103
        self.cmd( 'iptables -P OUTPUT ACCEPT' )
104
        self.cmd( 'iptables -P FORWARD DROP' )
105

  
106
        # Configure NAT
106
        # Install NAT rules
107 107
        self.cmd( 'iptables -I FORWARD',
108 108
                  '-i', self.localIntf, '-d', self.subnet, '-j DROP' )
109 109
        self.cmd( 'iptables -A FORWARD',
......
143 143
            return fallback
144 144

  
145 145
    def terminate( self ):
146
        """Stop NAT/forwarding between Mininet and external network"""
147
        # Flush any currently active rules
148
        # TODO: is this safe?
149
        self.cmd( 'iptables -F' )
150
        self.cmd( 'iptables -t nat -F' )
151

  
146
        "Stop NAT/forwarding between Mininet and external network"
147
        print 'STOPPING', self
148
        # Remote NAT rules
149
        self.cmd( 'iptables -D FORWARD',
150
                   '-i', self.localIntf, '-d', self.subnet, '-j DROP' )
151
        self.cmd( 'iptables -D FORWARD',
152
                  '-i', self.localIntf, '-s', self.subnet, '-j ACCEPT' )
153
        self.cmd( 'iptables -D FORWARD',
154
                   '-i', self.inetIntf, '-d', self.subnet, '-j ACCEPT' )
155
        self.cmd( 'iptables -t nat -D POSTROUTING',
156
                   '-o', self.inetIntf, '-s', self.subnet, '-j MASQUERADE' )
152 157
        # Instruct the kernel to stop forwarding
153 158
        self.cmd( 'sysctl net.ipv4.ip_forward=0' )
154

  
155 159
        super( NAT, self ).terminate()
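Review bot: In `config()`, the default-policy commands now sit inside `if self.flush:`, so with the new default `flush=False` the `iptables -P FORWARD DROP` line never runs and the FORWARD chain keeps whatever policy it already had. If that policy is ACCEPT, traffic matching none of the NAT rules is forwarded once forwarding is enabled (presumably in the elided part of `config()`), whereas before this change it was dropped. The `flush` docstring line should state this, e.g. `flush: flush iptables and reset default policies (FORWARD DROP) before installing NAT rules; if False, existing rules and policies are kept`. Separately, in `terminate()` the comment `# Remote NAT rules` reads like a typo for `# Remove NAT rules`, and `print 'STOPPING', self` looks like leftover debugging output.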
