Merge pull request #330 from amintong/master

dnat rule add dst restrictions

run/install.sh

@@ -31,15 +31,9 @@ rm -f "$STORAGE"/"$BASE".agent
 rm -f "$STORAGE"/"$BASE".boot.img
 rm -f "$STORAGE"/"$BASE".system.img
 
+TMP="/tmp/dsm"
 FS=$(stat -f -c %T "$STORAGE")
-
-if [[ "$FS" == "ext"* ]]; then
-  TMP="$STORAGE/tmp"
-else
-  TMP="/tmp/dsm"
-fi
-
-RDC="$STORAGE/dsm.rd"
+[[ "$FS" == "ext"* ]] && TMP="$STORAGE/tmp"
 rm -rf "$TMP" && mkdir -p "$TMP"
 
 # Check free diskspace
@@ -49,6 +43,8 @@ SPACE=$(df --output=avail -B 1 "$TMP" | tail -n 1)
 
 [[ "${DEBUG}" == [Yy1]* ]] && set -x
 
+RDC="$STORAGE/dsm.rd"
+
 if [ ! -f "${RDC}" ]; then
 
   info "Install: Downloading installer..."

run/network.sh

@@ -146,10 +146,13 @@ configureNAT () {
 
   ip link set dev "${VM_NET_TAP}" master dockerbridge
 
+
   # Add internet connection to the VM
+  IP=$(ip address show dev "${VM_NET_DEV}" | grep inet | awk '/inet / { print $2 }' | cut -f1 -d/)
+
   iptables -t nat -A POSTROUTING -o "${VM_NET_DEV}" -j MASQUERADE
-  iptables -t nat -A PREROUTING -i "${VM_NET_DEV}" -p tcp  -j DNAT --to $VM_NET_IP
-  iptables -t nat -A PREROUTING -i "${VM_NET_DEV}" -p udp  -j DNAT --to $VM_NET_IP
+  iptables -t nat -A PREROUTING -i "${VM_NET_DEV}" -d "${IP}" -p tcp  -j DNAT --to $VM_NET_IP
+  iptables -t nat -A PREROUTING -i "${VM_NET_DEV}" -d "${IP}" -p udp  -j DNAT --to $VM_NET_IP
 
   if (( KERNEL > 4 )); then
     # Hack for guest VMs complaining about "bad udp checksums in 5 packets"