cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrija Panic <andrija.pa...@gmail.com>
Subject Re: Port forwarding (web) - doesnt show real client IP
Date Mon, 08 Dec 2014 22:55:48 GMT
And just to spice things a little bit, ALL remote connections appears to
come from main Public IP of the VPC VR.
So we can not block some stuff on firewall onVM (while doing port
forwading) because all connections appear to come from main Public IP of
the VPC VR.

This is terrible design/bug - can we change this ?
I'm on the ACS 4.3 currently...

cheers

On 8 December 2014 at 23:42, Andrija Panic <andrija.panic@gmail.com> wrote:

> Hi,
>
> when doing port forwarding on VPC VR - port 80 - when some client access
> web site - only the main Public IP of the VPC is logged in apache access
> logs as remote IP.
>
> Why is this behaviour - and can this be changed ?
> My understanding is that this is kind of bug (unless needed for some other
> reasons) - port forwading is DNAT in essence, so only the destination
> IP/port should be changed, not proxied all the way, as it seems to be the
> case here...
>
> I read on other guys mailing list - same behavior for loadbalancer...
>
> Any suggestion ?
>
> Thanks,
>
> --
>
> Andrija Panić
>



-- 

Andrija Panić

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message