Return-Path: 
 <issues-return-3692-apmail-cloudstack-issues-archive=cloudstack.apache.org@cloudstack.apache.org>
X-Original-To: apmail-cloudstack-issues-archive@www.apache.org
Delivered-To: apmail-cloudstack-issues-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 20921F080
	for <apmail-cloudstack-issues-archive@www.apache.org>;
 Tue,  2 Apr 2013 21:01:17 +0000 (UTC)
Received: (qmail 85502 invoked by uid 500); 2 Apr 2013 21:01:16 -0000
Delivered-To: apmail-cloudstack-issues-archive@cloudstack.apache.org
Received: (qmail 85484 invoked by uid 500); 2 Apr 2013 21:01:16 -0000
Mailing-List: contact issues-help@cloudstack.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:issues-help@cloudstack.apache.org>
List-Unsubscribe: <mailto:issues-unsubscribe@cloudstack.apache.org>
List-Post: <mailto:issues@cloudstack.apache.org>
List-Id: <issues.cloudstack.apache.org>
Reply-To: dev@cloudstack.apache.org
Delivered-To: mailing list issues@cloudstack.apache.org
Received: (qmail 85446 invoked by uid 500); 2 Apr 2013 21:01:16 -0000
Delivered-To: apmail-incubator-cloudstack-issues@incubator.apache.org
Received: (qmail 85431 invoked by uid 99); 2 Apr 2013 21:01:16 -0000
Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 02 Apr 2013 21:01:16 +0000
Date: Tue, 2 Apr 2013 21:01:16 +0000 (UTC)
From: "angeline shen (JIRA)" <jira@apache.org>
To: cloudstack-issues@incubator.apache.org
Message-ID: <JIRA.12640378.1364936430704.94334.1364936476630@arcas>
In-Reply-To: <JIRA.12640378.1364936430704@arcas>
References: <JIRA.12640378.1364936430704@arcas>
Subject: [jira] [Created] (CLOUDSTACK-1899) SRX firewall external devices -
 static NAT does not function
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394

angeline shen created CLOUDSTACK-1899:
-----------------------------------------

             Summary: SRX firewall external devices - static NAT does not function
                 Key: CLOUDSTACK-1899
                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-1899
             Project: CloudStack
          Issue Type: Bug
      Security Level: Public (Anyone can view this level - this is the default.)
          Components: Management Server
    Affects Versions: 4.0.0
         Environment: MS    ASF 4.0.0  GA RHEL6.3   
host  KVM  ASF 4.0.0  GA RHEL6.3   
            Reporter: angeline shen
             Fix For: 4.1.0


1. advance zone, create network offering for external device firewall SRX, add SRX device
2. create instances using above network offering.   Port forwarding rules work.
    allocate public IP, enable static NAT, set TCP port 22  rule  for IP.
    ssh to static NAT IP FAIL:

[ashen@localhost ~]$ ssh root@10.223.123.22
ssh: connect to host 10.223.123.22 port 22: No route to hos

3. create VPC, VPC network, instances.  Both static NAT and Port forwarding rules work for VPC network

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira