cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Erik Weber <terbol...@gmail.com>
Subject Re: SNAT and remote IP problem
Date Wed, 18 Mar 2015 11:28:18 GMT
Has anyone checked if this is present in 4.5? If so we should aim to have a
fix available with 4.5.1

-- 
Erik

On Wed, Mar 18, 2015 at 10:47 AM, Paul Shadwell <shadwell@me.com> wrote:

> I also have this problem, it effects running vPBX/VoIP services behind a
> VR.
>
> In fact any service that requires a view on incoming IPs and domain names.
>
> For example fail2ban will block ALL access to ssh because it only ever
> sees the VR IP address.
>
> Upgrading to 4.3.2 did not fix it.
>
> This needs fixing urgently.
>
> Best regards
>
> Paul
>
>
>
> > On 17 Mar 2015, at 14:01, Andrija Panic <andrija.panic@gmail.com> wrote:
> >
> > Hi,
> >
> > is anybody willing to share the result from the folowing command, run in
> VR
> > (VPC VR):
> >
> > iptables -t nat -nvL
> >
> > This should preferable be run from SSH-to-VR, instead of
> > ConsoleProxy-to-VR, because of nice output over SSH.
> >
> >
> > It seems in 4.3.0 and 4.3.2, SNAT is done on ALL incoming connections, no
> > matter to WHAT IP  the traffic from internet came - primary IP, or
> > additional one that is used for i.e. Static NAT - so SNAT rules always
> > replace remote cleint IP with MAIN IP of the VPC...
> >
> > Please share your examples - this is serious bug in my opinion, and I wil
> > raise JIRA - but would like some examples from other guys first.
> >
> > THanks,
> >
> > --
> >
> > Andrija Panić
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message