[Spce-user] Physical interface VS virtual interface on iptables rules

[Javier Valencia]

Hi there!

My NGCP CE mr9.5.7 (on bullseye (11.10) 5.10.0-30-amd64 SMP) box isn't
responding on sip_ext, because it's generating "/etc/iptables/rules.v4"
with virtual ethernet interface instead physical ethernet interface.

In example:
-A INPUT -i *neth0:0* -p tcp --dport 5060 -j ACCEPT -m comment --comment
"sip_ext"

Must be:
-A INPUT -i *neth0* -p tcp --dport 5060 -j ACCEPT -m comment --comment
"sip_ext"

When I delete the first line and insert into iptables (with cli commands)
the second line, the server starts to respond.

There an *iface* alternative variable to make a custom template?
[%
   FOREACH iface IN hosts.$hostname.interfaces;
     FOREACH net IN hosts.$hostname.$iface.type;
       # handle certain aliases
       IF net != 'rtp_int' && net.match('^rtp_');
         net_alias = 'rtp_ext';
       ELSIF net.match('^sip_ext_');
         net_alias = 'sip_ext';
       ELSE;
         net_alias = net;
       END;

       IF rules.$net_alias && rules.$net_alias.size && iface != 'lo' &&
hosts.$hostname.$iface.ip;
         FOREACH rule IN rules.$net_alias;
-%]
-A INPUT -i [% *iface* %] [% rule %] -m comment --comment "[% net %]"
[%
         END;
       END;
     END;
   END;
-%]

thx

P.S: I'm so sorry about my english
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sipwise.com/pipermail/spce-user_lists.sipwise.com/attachments/20240916/7f275a5a/attachment.htm>