cloudstack-dev mailing list archives

From Nux! <...@li.nux.ro>
Subject SG broken in Adv zone with multiple shared networks (4.2)
Date Fri, 13 Dec 2013 18:30:23 GMT
Hi,

It seems that using multiple shared networks in an Adv zone with 
Security groups breaks the security groups.

Here's what happens:

- install 4.2.1 SNAPSHOT.el6 (from Build Date: Thu 05 Dec 2013 13:19:49 
GMT)
- create Adv zone with SG
- add a shared network on vlan 109
- add instances on it
- create security groups
- everything rocks, they can ping each other etc

- create another shared network on vlan 999
- stop the running instances
- add the second network to the instances and start them
- the instances get a new set of IPs for eth1 via DHCP BUT!
- they can no longer access each other via the eth0 IPs; the SGs seem to 
apply correctly, but only to the newly added network
- the instances can also no longer access the router in their primary 
shared network (hence no more passwords reset and other features)

For those good at firewalls, here's the iptables output from BEFORE 
adding the second network:
http://paste.fedoraproject.org/61594/95896413

And AFTER adding the second network and starting back the instances:
http://paste.fedoraproject.org/61595/86959048

If someone can confirm it's not me doing something stupid I can open a 
proper report in jira.

-- 
Sent from the Delta quadrant using Borg technology!

Nux!
www.nux.ro
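
One way to compare the BEFORE and AFTER rule sets mentioned in the message, as an added example that is not part of the original post. It assumes both dumps were captured in `iptables-save` format on the hypervisor; the sample dumps, the chain name and the bridge port names are constructed and are not taken from the linked pastes.

```python
import re

# Constructed sample dumps in iptables-save format (not the linked pastes).
# The chain name vm1 and the bridge ports vnet0/vnet1 are hypothetical.
BEFORE = """*filter
:FORWARD DROP [0:0]
:vm1 - [0:0]
-A FORWARD -m physdev --physdev-out vnet0 --physdev-is-bridged -j vm1
-A FORWARD -m physdev --physdev-in vnet0 --physdev-is-bridged -j vm1
-A vm1 -p icmp -j ACCEPT
COMMIT
"""
AFTER = BEFORE.replace("vnet0", "vnet1")  # rules now match only the new port

def parse(dump):
    """Return {(table, chain): [rule, ...]} from iptables-save text."""
    rules, table = {}, None
    for line in map(str.strip, dump.splitlines()):
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith(":"):
            # Chain declaration: record it even if it has no rules.
            rules.setdefault((table, line[1:].split()[0]), [])
        elif line.startswith("-A "):
            chain, _, rest = line[3:].partition(" ")
            rules.setdefault((table, chain), []).append(rest)
    return rules

def physdevs(ruleset):
    """Bridge ports matched by at least one physdev rule."""
    pat = re.compile(r"--physdev-(?:in|out)\s+(\S+)")
    return {d for rs in ruleset.values() for r in rs for d in pat.findall(r)}

def compare(before, after):
    """Summarise what the 'before' rule set had that 'after' lacks."""
    b, a = parse(before), parse(after)
    removed = {}
    for key in b.keys() & a.keys():
        gone = [r for r in b[key] if r not in a[key]]
        if gone:
            removed[key] = gone
    return {
        "chains_removed": sorted(set(b) - set(a)),
        "rules_removed": removed,
        "ports_no_longer_matched": sorted(physdevs(b) - physdevs(a)),
    }

if __name__ == "__main__":
    print(compare(BEFORE, AFTER))
```

A non-empty `ports_no_longer_matched` list names the bridge ports that had filtering rules before the change and have none afterwards.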
