CLOUDSTACK-2680 Fix Private Gateway SNAT when using guest interface

Author: Slair1

systemvm/debian/opt/cloud/bin/configure.py

@@ -937,12 +937,9 @@ def processStaticNatRule(self, rule):
         self.fw.append(["filter", "",
                         "-A FORWARD -i %s -o eth0  -d %s  -m state  --state NEW -j ACCEPT " % (device, rule["internal_ip"])])
 
-        # Configure the hairpin nat
-        self.fw.append(["nat", "front",
-                        "-A PREROUTING -d %s -i eth0 -j DNAT --to-destination %s" % (rule["public_ip"], rule["internal_ip"])])
-
-        self.fw.append(["nat", "front", "-A POSTROUTING -s %s -d %s -j SNAT -o eth0 --to-source %s" %
-                        (self.getNetworkByIp(rule['internal_ip']), rule["internal_ip"], self.getGuestIp())])
+        # Configure the hairpin snat
+        self.fw.append(["nat", "front", "-A POSTROUTING -s %s -d %s -j SNAT -o %s --to-source %s" %
+                        (self.getNetworkByIp(rule['internal_ip']), rule["internal_ip"], self.getDeviceByIp(rule["internal_ip"]), self.getGuestIp())])
 
 
 class IpTablesExecutor:

systemvm/debian/opt/cloud/bin/cs/CsAddress.py

@@ -476,9 +476,10 @@ def fw_vpcrouter(self):
             self.fw.append(["", "front", "-A NETWORK_STATS_%s -o %s -s %s" %
                             ("eth1", "eth1", guestNetworkCidr)])
 
-            self.fw.append(["nat", "front",
-                            "-A POSTROUTING -s %s -o %s -j SNAT --to-source %s" %
-                            (guestNetworkCidr, self.dev, self.address['public_ip'])])
+            if self.address["source_nat"]:
+                self.fw.append(["nat", "front",
+                                "-A POSTROUTING -o %s -j SNAT --to-source %s" %
+                                (self.dev, self.address['public_ip'])])
 
         if self.get_type() in ["public"]:
             self.fw.append(