cloudstack-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Animesh Chaturvedi (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (CLOUDSTACK-1633) Why do ACS security groups only support TCP, UDP, ICMP?
Date Thu, 31 Oct 2013 04:52:31 GMT

     [ https://issues.apache.org/jira/browse/CLOUDSTACK-1633?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Animesh Chaturvedi updated CLOUDSTACK-1633:
-------------------------------------------


There is no update on these items and are in open state, if they are not ready for 4.3.0 please
move them out to "Future". Remember the feature freeze date for 4.3.0 is 11/08 and the last
day for merge request with 72 hour feedback peiod is 11/05.

> Why do ACS security groups only support TCP, UDP, ICMP?
> -------------------------------------------------------
>
>                 Key: CLOUDSTACK-1633
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-1633
>             Project: CloudStack
>          Issue Type: Improvement
>      Security Level: Public(Anyone can view this level - this is the default.) 
>    Affects Versions: 4.0.0
>            Reporter: John Kinsella
>            Assignee: John Kinsella
>             Fix For: 4.3.0
>
>
> If I attempt to make an API call to authorizeSecurityGroupIngress specifying a protocol
of "41," I get an error of "Invalid protocol 41."
> Real-world use for this - Windows AD servers attempt to establish an ISATAP[1] connection
between servers. Without opening the firewall, packets will be dropped as shown in the log
below:
> Mar 11 19:07:27 c10 kernel: DROP:i-2-1711-VM-eg:IN=cloudbr0 OUT=cloudbr0 PHYSIN=vnet2
PHYSOUT=bond1 MAC=00:04:e9:ff:f3:90:06:c5:36:00:00:1a:0f:00 SRC=192.168.1.10 DST=192.168.1.20
LEN=68 TOS=0x00 PREC=0x00 TTL=128 ID=2898 PROTO=41
> 1:http://en.wikipedia.org/wiki/ISATAP



--
This message was sent by Atlassian JIRA
(v6.1#6144)

Mime
View raw message