From 33f430bf255ce2999f3eec7270e15b516a1c214a Mon Sep 17 00:00:00 2001
From: Sander van Harmelen <sander@xanzy.io>
Date: Fri, 4 Nov 2016 09:56:49 +0100
Subject: [PATCH] Use the private port for the firewall rules (#4114)

Because of how CloudStack configures the firerwall on the router VM, you need to allow traffic to the private port instead of the public port.
---
 builder/cloudstack/step_configure_networking.go | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/builder/cloudstack/step_configure_networking.go b/builder/cloudstack/step_configure_networking.go
index 670bb0b8d..2aa071905 100644
--- a/builder/cloudstack/step_configure_networking.go
+++ b/builder/cloudstack/step_configure_networking.go
@@ -125,8 +125,8 @@ func (s *stepSetupNetworking) Run(state multistep.StateBag) multistep.StepAction
 		p.SetAclid(network.Aclid)
 		p.SetAction("allow")
 		p.SetCidrlist(config.CIDRList)
-		p.SetStartport(s.publicPort)
-		p.SetEndport(s.publicPort)
+		p.SetStartport(s.privatePort)
+		p.SetEndport(s.privatePort)
 		p.SetTraffictype("ingress")
 
 		// Create the network ACL rule.
@@ -146,8 +146,8 @@ func (s *stepSetupNetworking) Run(state multistep.StateBag) multistep.StepAction
 
 		// Configure the firewall rule.
 		p.SetCidrlist(config.CIDRList)
-		p.SetStartport(s.publicPort)
-		p.SetEndport(s.publicPort)
+		p.SetStartport(s.privatePort)
+		p.SetEndport(s.privatePort)
 
 		fwRule, err := client.Firewall.CreateFirewallRule(p)
 		if err != nil {