cloudstack-issues mailing list archives

From "Kishan Kavala (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CLOUDSTACK-8683) Shared network VR ssh on port 3922 is blocked
Date Tue, 28 Jul 2015 11:45:04 GMT

    [ https://issues.apache.org/jira/browse/CLOUDSTACK-8683?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14644265#comment-14644265 ]

Kishan Kavala commented on CLOUDSTACK-8683:
-------------------------------------------

root@r-27-VM:~# cat /etc/iptables/router_rules.v4
# Generated by iptables-save v1.4.14 on Tue Jul 28 10:22:49 2015
*mangle
:PREROUTING ACCEPT [85:12336]
:INPUT ACCEPT [85:12336]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [78:13012]
:POSTROUTING ACCEPT [78:13012]
-A PREROUTING -m state --state RELATED,ESTABLISHED -j CONNMARK --restore-mark --nfmask 0xffffffff --ctmask 0xffffffff
-A PREROUTING -i eth0 -m state --state NEW -j CONNMARK --set-xmark 0x0/0xffffffff
COMMIT
# Completed on Tue Jul 28 10:22:49 2015
# Generated by iptables-save v1.4.14 on Tue Jul 28 10:22:49 2015
*filter
:INPUT ACCEPT [83:12168]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [78:13012]
:NETWORK_STATS - [0:0]
-A INPUT -j NETWORK_STATS
-A INPUT -d 224.0.0.18/32 -j ACCEPT
-A INPUT -d 225.0.0.50/32 -j ACCEPT
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 8080 -m state --state NEW -j ACCEPT
-A FORWARD -j NETWORK_STATS
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o eth0 -m state --state NEW -j ACCEPT
-A FORWARD -i eth2 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -j NETWORK_STATS
-A NETWORK_STATS -i eth0 -o eth2
-A NETWORK_STATS -i eth2 -o eth0
-A NETWORK_STATS ! -i eth0 -o eth2 -p tcp
-A NETWORK_STATS -i eth2 ! -o eth0 -p tcp
COMMIT
# Completed on Tue Jul 28 10:22:49 2015
# Generated by iptables-save v1.4.14 on Tue Jul 28 10:22:49 2015
*nat
:PREROUTING ACCEPT [17:1384]
:INPUT ACCEPT [15:1304]
:OUTPUT ACCEPT [4:268]
:POSTROUTING ACCEPT [4:268]
COMMIT
# Completed on Tue Jul 28 10:22:49 2015


> Shared network VR ssh on port 3922 is blocked
> ---------------------------------------------
>
>                 Key: CLOUDSTACK-8683
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-8683
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>            Reporter: Kishan Kavala
>            Priority: Blocker
>
> ssh to Shared network VR on link_local_ip @ port 3922 is blocked.
> MS is not able to program any rules on the VR due to this



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
