cloudstack-dev mailing list archives

From Paul Shadwell <shadw...@me.com>
Subject Re: SNAT and remote IP problem
Date Wed, 18 Mar 2015 09:47:54 GMT
I also have this problem; it affects running vPBX/VoIP services behind a VR.

In fact any service that requires a view on incoming IPs and domain names.

For example fail2ban will block ALL access to ssh because it only ever sees the VR IP address.

Upgrading to 4.3.2 did not fix it.

This needs fixing urgently.

Best regards

Paul



> On 17 Mar 2015, at 14:01, Andrija Panic <andrija.panic@gmail.com> wrote:
> 
> Hi,
> 
> is anybody willing to share the result from the following command, run in VR
> (VPC VR):
> 
> iptables -t nat -nvL
> 
> This should preferably be run from SSH-to-VR, instead of
> ConsoleProxy-to-VR, because of nice output over SSH.
> 
> 
> It seems in 4.3.0 and 4.3.2, SNAT is done on ALL incoming connections, no
> matter to WHAT IP the traffic from internet came - primary IP, or
> additional one that is used for i.e. Static NAT - so SNAT rules always
> replace remote client IP with MAIN IP of the VPC...
> 
> Please share your examples - this is serious bug in my opinion, and I will
> raise JIRA - but would like some examples from other guys first.
> 
> Thanks,
> 
> -- 
> 
> Andrija Panić
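
An added example, not part of either message: a small Python check over `iptables -t nat -nvL` output that flags POSTROUTING SNAT/MASQUERADE rules matching any source on an egress interface other than the public one, the kind of rule that would replace the remote client IP as described above. The interface names (`eth1` public, `eth2` guest), the addresses and the sample listing are constructed assumptions, not output from a real VR.

```python
import re

NAT_REWRITE_TARGETS = {"SNAT", "MASQUERADE"}
ANY_SOURCE = "0.0.0.0/0"


def find_broad_snat(listing, public_if):
    """Return POSTROUTING SNAT/MASQUERADE rules that match any source and
    are not limited to egress on the public interface, so they can rewrite
    the client address of traffic forwarded towards guests."""
    findings = []
    chain = None
    for line in listing.splitlines():
        m = re.match(r"Chain (\S+)", line)
        if m:
            chain = m.group(1)
            continue
        f = line.split()
        # Rule rows: pkts bytes target prot opt in out source destination [extra]
        if chain != "POSTROUTING" or len(f) < 9 or f[0] == "pkts":
            continue
        pkts, target, out_if, source = f[0], f[2], f[6], f[7]
        if target not in NAT_REWRITE_TARGETS:
            continue
        if source == ANY_SOURCE and out_if != public_if:
            findings.append({"pkts": pkts, "target": target, "out": out_if,
                             "source": source, "extra": " ".join(f[9:])})
    return findings


# Constructed sample listing (assumed interface roles: eth1 public, eth2 guest).
SAMPLE = """\
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
   42  2520 DNAT       all  --  eth1   *       0.0.0.0/0            203.0.113.11         to:10.1.1.50

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  310 18600 SNAT       all  --  *      eth1    10.1.1.0/24          0.0.0.0/0            to:203.0.113.10
   42  2520 SNAT       all  --  *      eth2    0.0.0.0/0            0.0.0.0/0            to:203.0.113.10
    7   420 SNAT       all  --  *      eth2    10.1.1.0/24          0.0.0.0/0            to:10.1.1.1
"""

if __name__ == "__main__":
    for r in find_broad_snat(SAMPLE, public_if="eth1"):
        print("broad SNAT: out=%(out)s src=%(source)s %(extra)s hits=%(pkts)s" % r)
```

A non-zero packet counter on a flagged rule shows that forwarded traffic is actually hitting it. Negated matches (`!eth1`, `!10.1.1.0/24`) are not interpreted by this check.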

