Subject: Re: Port forwarding (web) - doesnt show real client IP
From: Andrija Panic
To: "dev@cloudstack.apache.org"
Date: Tue, 9 Dec 2014 00:08:20 +0100

Hi Erik - yes I know of shared network - been using that, but want to move behind VPC to organize stuff a little bit more...

ok, for loadbalancing - did not check, as that is not my problem at the moment. But port forwarding really is - this is really bad implementation or bug in my opinion, never saw this kind of behaviour on any router anywhere...

On 9 December 2014 at 00:03, Erik Weber wrote:

> On Mon, Dec 8, 2014 at 11:55 PM, Andrija Panic wrote:
>
> > And just to spice things a little bit, ALL remote connections appear to
> > come from main Public IP of the VPC VR.
> > So we can not block some stuff on firewall on VM (while doing port
> > forwarding) because all connections appear to come from main Public IP of
> > the VPC VR.
> >
> > This is terrible design/bug - can we change this ?
> > I'm on the ACS 4.3 currently...
>
> This is a NAT problem. You could use a shared network with Public IPs or
> Basic Networking with Public IPs.
>
> --
> Erik

--
Andrija Panić