cloudstack-dev mailing list archives

From Nux! <...@li.nux.ro>
Subject Re: SNAT and remote IP problem
Date Thu, 19 Mar 2015 16:35:46 GMT
It seems fine also in a 4.3.0 VPC (KVM) I run.

--
Sent from the Delta quadrant using Borg technology!

Nux!
www.nux.ro

----- Original Message -----
> From: "Andrija Panic" <andrija.panic@gmail.com>
> To: dev@cloudstack.apache.org
> Cc: "Rohit Yadav" <rohit.yadav@shapeblue.com>
> Sent: Wednesday, 18 March, 2015 11:29:54
> Subject: Re: SNAT and remote IP problem

> I recall this was fine in clean 4.4.0 or 4.4.1/2.... can't remember any
> more...
> 
> but anyone willing to share their VR output, as I asked, will I guess help
> us greatly...
> 
> On 18 March 2015 at 12:28, Erik Weber <terbolous@gmail.com> wrote:
> 
>> Has anyone checked if this is present in 4.5? If so we should aim to have a
>> fix available with 4.5.1
>>
>> --
>> Erik
>>
>> On Wed, Mar 18, 2015 at 10:47 AM, Paul Shadwell <shadwell@me.com> wrote:
>>
>> > I also have this problem, it affects running vPBX/VoIP services behind a
>> > VR.
>> >
>> > In fact any service that requires a view on incoming IPs and domain names.
>> >
>> > For example fail2ban will block ALL access to ssh because it only ever
>> > sees the VR IP address.
>> >
>> > Upgrading to 4.3.2 did not fix it.
>> >
>> > This needs fixing urgently.
>> >
>> > Best regards
>> >
>> > Paul
>> >
>> >
>> >
>> > > On 17 Mar 2015, at 14:01, Andrija Panic <andrija.panic@gmail.com> wrote:
>> > >
>> > > Hi,
>> > >
>> > > is anybody willing to share the result from the following command, run in VR
>> > > (VPC VR):
>> > >
>> > > iptables -t nat -nvL
>> > >
>> > > This should preferably be run from SSH-to-VR, instead of
>> > > ConsoleProxy-to-VR, because of nice output over SSH.
>> > >
>> > >
>> > > It seems in 4.3.0 and 4.3.2, SNAT is done on ALL incoming connections, no
>> > > matter to WHAT IP the traffic from internet came - primary IP, or
>> > > additional one that is used for i.e. Static NAT - so SNAT rules always
>> > > replace remote client IP with MAIN IP of the VPC...
>> > >
>> > > Please share your examples - this is serious bug in my opinion, and I will
>> > > raise JIRA - but would like some examples from other guys first.
>> > >
>> > > Thanks,
>> > >
>> > > --
>> > >
>> > > Andrija Panić
>> >
>> >
>>
> 
> 
> 
> --
> 
> Andrija Panić
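
The symptom reported in the quoted messages (SNAT replacing the remote client IP on inbound connections) can be checked against a saved rule listing. The following is an added example, not part of the thread and not CloudStack code: it reads `iptables -t nat -S POSTROUTING` output and reports which SNAT/MASQUERADE rules could match an inbound, already-DNATed flow. The sample rules, the addresses and the interface names eth1/eth2 are constructed assumptions.

```python
import ipaddress
import shlex

# Constructed sample in `iptables -t nat -S POSTROUTING` format; these are NOT
# rules from the thread, and eth1 (public) / eth2 (guest tier) are assumed names.
SAMPLE_RULES = """\
-P POSTROUTING ACCEPT
-A POSTROUTING -s 10.1.1.0/24 -o eth1 -j SNAT --to-source 203.0.113.10
-A POSTROUTING -o eth2 -j SNAT --to-source 10.1.1.1
-A POSTROUTING -s 10.1.1.0/24 -d 10.1.1.0/24 -o eth2 -j SNAT --to-source 10.1.1.1
"""

def _opt_ok(tok, opt, test):
    """True when the rule has no `opt` match, or its (possibly negated) value passes."""
    if opt not in tok:
        return True
    i = tok.index(opt)
    negated = i > 0 and tok[i - 1] == "!"
    return test(tok[i + 1]) != negated

def _in_net(ip):
    addr = ipaddress.ip_address(ip)
    return lambda cidr: addr in ipaddress.ip_network(cidr, strict=False)

def _iface_is(name):
    # iptables treats a trailing "+" as a wildcard (eth+ matches eth0, eth1, ...)
    return lambda pat: name.startswith(pat[:-1]) if pat.endswith("+") else pat == name

def snat_rules_hitting(rules_text, src_ip, dst_ip, out_iface):
    """Return the POSTROUTING SNAT/MASQUERADE rules that can rewrite the source of a
    packet src_ip -> dst_ip leaving via out_iface. Only -s, -d and -o are modelled;
    other matches (-p, -m ...) are ignored, so a hit means "could match"."""
    hits = []
    for line in rules_text.splitlines():
        tok = shlex.split(line)
        if tok[:2] != ["-A", "POSTROUTING"] or "-j" not in tok:
            continue
        if tok[tok.index("-j") + 1] not in ("SNAT", "MASQUERADE"):
            continue
        if (_opt_ok(tok, "-s", _in_net(src_ip)) and _opt_ok(tok, "-d", _in_net(dst_ip))
                and _opt_ok(tok, "-o", _iface_is(out_iface))):
            hits.append(line)
    return hits

if __name__ == "__main__":
    # Inbound flow after DNAT: internet client -> guest VM, leaving on the guest side.
    for rule in snat_rules_hitting(SAMPLE_RULES, "198.51.100.7", "10.1.1.20", "eth2"):
        print("would hide the client IP:", rule)
```

A rule reported for the inbound flow is one that would make services behind the router see the router's address instead of the client's; a rule that only matches guest-sourced traffic leaving the public interface is ordinary outbound SNAT.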
