# Delete the masquerading setup from a previous iteration where we
# were the NAT-GW
- iptables -D POSTROUTING -t nat -s $CTDB_NATGW_PRIVATE_NETWORK -d ! $CTDB_NATGW_PRIVATE_NETWORK -j MASQUERADE >/dev/null 2>/dev/null
+ iptables -D POSTROUTING -t nat -s $CTDB_NATGW_PRIVATE_NETWORK ! -d $CTDB_NATGW_PRIVATE_NETWORK -j MASQUERADE >/dev/null 2>/dev/null
# remove any iptables rule we may have on this address
iptables -D INPUT -p tcp --syn -d $_ip/32 -j REJECT 2>/dev/null
if [ "$MYPNN" = "$NATGWMASTER" ]; then
# This is the first node, set it up as the NAT GW
echo 1 >/proc/sys/net/ipv4/ip_forward
- iptables -A POSTROUTING -t nat -s $CTDB_NATGW_PRIVATE_NETWORK -d ! $CTDB_NATGW_PRIVATE_NETWORK -j MASQUERADE
+ iptables -A POSTROUTING -t nat -s $CTDB_NATGW_PRIVATE_NETWORK ! -d $CTDB_NATGW_PRIVATE_NETWORK -j MASQUERADE
# block all incoming connections to the natgw address
CTDB_NATGW_PUBLIC_IP_HOST=`echo $CTDB_NATGW_PUBLIC_IP | sed -e "s/\/.*/\/32/"`