cloudstack-issues mailing list archives

From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CLOUDSTACK-8905) [Blocker] Egress rules are not configured in VR
Date Sun, 27 Sep 2015 12:12:08 GMT

    [ https://issues.apache.org/jira/browse/CLOUDSTACK-8905?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14909715#comment-14909715 ]

ASF GitHub Bot commented on CLOUDSTACK-8905:
--------------------------------------------

GitHub user asfgit closed the pull request at:

    https://github.com/apache/cloudstack/pull/881


> [Blocker] Egress rules are not configured in VR
> -----------------------------------------------
>
>                 Key: CLOUDSTACK-8905
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-8905
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>    Affects Versions: 4.6.0
>            Reporter: Raja Pullela
>            Assignee: Jayapal Reddy
>            Priority: Blocker
>             Fix For: 4.6.0
>
>
> 1. Deployed CS Advanced zone.
>  2. Created an isolated network.
>  3. Navigate to Egress rule:
>  Observing a pop up message:
>  "Configure the rules to allow Traffic"
> Inside VR :
> root@r-9-VM:~# iptables-save
> # Generated by iptables-save v1.4.14 on Wed Sep 23 10:46:46 2015
>  *filter
>  :INPUT DROP [0:0]
>  :FORWARD DROP [0:0]
>  :OUTPUT ACCEPT [65:7867]
>  :FW_OUTBOUND - [0:0]
>  :NETWORK_STATS - [0:0]
>  -A INPUT -j NETWORK_STATS
>  -A INPUT -d 224.0.0.18/32 -j ACCEPT
>  -A INPUT -d 225.0.0.50/32 -j ACCEPT
>  -A INPUT -i eth2 -m state --state RELATED,ESTABLISHED -j ACCEPT
>  -A INPUT -p icmp -j ACCEPT
>  -A INPUT -i lo -j ACCEPT
>  -A INPUT -i eth1 -p tcp -m tcp --dport 3922 -m state --state NEW,ESTABLISHED -j ACCEPT
>  -A INPUT -i eth1 -p tcp -m tcp --dport 3922 -m state --state NEW,ESTABLISHED -j ACCEPT
>  -A INPUT -d 224.0.0.18/32 -j ACCEPT
>  -A INPUT -d 225.0.0.50/32 -j ACCEPT
>  -A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
>  -A INPUT -p icmp -j ACCEPT
>  -A INPUT -i lo -j ACCEPT
>  -A INPUT -i eth0 -p udp -m udp --dport 67 -j ACCEPT
>  -A INPUT -i eth0 -p udp -m udp --dport 53 -j ACCEPT
>  -A INPUT -i eth0 -p tcp -m tcp --dport 53 -j ACCEPT
>  -A INPUT -i eth0 -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT
>  -A INPUT -i eth0 -p tcp -m tcp --dport 8080 -m state --state NEW -j ACCEPT
>  -A INPUT -i eth1 -p tcp -m tcp --dport 3922 -m state --state NEW,ESTABLISHED -j ACCEPT
>  -A FORWARD -j NETWORK_STATS
>  -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
>  -A FORWARD -i eth0 -o eth0 -m state --state NEW -j ACCEPT
>  -A FORWARD -i eth2 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
>  -A FORWARD -i eth0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
>  -A FORWARD -i eth0 -o eth2 -j FW_OUTBOUND
>  -A OUTPUT -j NETWORK_STATS
>  -A FW_OUTBOUND -m state --state RELATED,ESTABLISHED -j ACCEPT
>  -A NETWORK_STATS -i eth0 -o eth2
>  -A NETWORK_STATS -i eth2 -o eth0
>  -A NETWORK_STATS ! -i eth0 -o eth2 -p tcp
>  -A NETWORK_STATS -i eth2 ! -o eth0 -p tcp
>  COMMIT
> # Completed on Wed Sep 23 10:46:46 2015
> # Generated by iptables-save v1.4.14 on Wed Sep 23 10:46:46 2015
>  *nat
>  :PREROUTING ACCEPT [21:1428]
>  :INPUT ACCEPT [21:1428]
>  :OUTPUT ACCEPT [2:152]
>  :POSTROUTING ACCEPT [0:0]
>  -A POSTROUTING -o eth2 -j SNAT --to-source 10.147.47.9
>  COMMIT
> # Completed on Wed Sep 23 10:46:46 2015
> # Generated by iptables-save v1.4.14 on Wed Sep 23 10:46:46 2015
>  *mangle
>  :PREROUTING ACCEPT [331:33456]
>  :INPUT ACCEPT [352:35052]
>  :FORWARD ACCEPT [0:0]
>  :OUTPUT ACCEPT [331:44643]
>  :POSTROUTING ACCEPT [331:44643]
>  :FIREWALL_10.147.47.9 - [0:0]
>  :VPN_10.147.47.9 - [0:0]
>  -A PREROUTING -m state --state RELATED,ESTABLISHED -j CONNMARK --restore-mark --nfmask 0xffffffff --ctmask 0xffffffff
>  -A PREROUTING -d 10.147.47.9/32 -j FIREWALL_10.147.47.9
>  -A PREROUTING -d 10.147.47.9/32 -j VPN_10.147.47.9
>  -A PREROUTING -m state --state RELATED,ESTABLISHED -j CONNMARK --restore-mark --nfmask 0xffffffff --ctmask 0xffffffff
>  -A PREROUTING -i eth2 -m state --state NEW -j CONNMARK --set-xmark 0x2/0xffffffff
>  -A PREROUTING -i eth0 -m state --state NEW -j CONNMARK --set-xmark 0x0/0xffffffff
>  -A POSTROUTING -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
>  -A FIREWALL_10.147.47.9 -m state --state RELATED,ESTABLISHED -j ACCEPT
>  -A FIREWALL_10.147.47.9 -j DROP
>  -A VPN_10.147.47.9 -m state --state RELATED,ESTABLISHED -j ACCEPT
>  -A VPN_10.147.47.9 -j RETURN
>  COMMIT
> # Completed on Wed Sep 23 10:46:46 2015
>  root@r-9-VM:~#



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
