Merge pull request #3810 from jpoimboe/iptables-forward-public-ports

network: add publicly mapped ports to FORWARD table

pkg/iptables/iptables.go

@@ -73,6 +73,23 @@ func (c *Chain) Forward(action Action, ip net.IP, port int, proto, dest_addr str
 	} else if len(output) != 0 {
 		return fmt.Errorf("Error iptables forward: %s", output)
 	}
+
+	fAction := action
+	if fAction == Add {
+		fAction = "-I"
+	}
+	if output, err := Raw(string(fAction), "FORWARD",
+		"!", "-i", c.Bridge,
+		"-o", c.Bridge,
+		"-p", proto,
+		"-d", daddr,
+		"--dport", strconv.Itoa(port),
+		"-j", "ACCEPT"); err != nil {
+		return err
+	} else if len(output) != 0 {
+		return fmt.Errorf("Error iptables forward: %s", output)
+	}
+
 	return nil
 }