Return-Path: X-Original-To: apmail-cloudstack-issues-archive@www.apache.org Delivered-To: apmail-cloudstack-issues-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 03BE618D94 for ; Tue, 22 Sep 2015 05:59:05 +0000 (UTC) Received: (qmail 45054 invoked by uid 500); 22 Sep 2015 05:59:04 -0000 Delivered-To: apmail-cloudstack-issues-archive@cloudstack.apache.org Received: (qmail 45025 invoked by uid 500); 22 Sep 2015 05:59:04 -0000 Mailing-List: contact issues-help@cloudstack.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cloudstack.apache.org Delivered-To: mailing list issues@cloudstack.apache.org Received: (qmail 45016 invoked by uid 500); 22 Sep 2015 05:59:04 -0000 Delivered-To: apmail-incubator-cloudstack-issues@incubator.apache.org Received: (qmail 45013 invoked by uid 99); 22 Sep 2015 05:59:04 -0000 Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 22 Sep 2015 05:59:04 +0000 Date: Tue, 22 Sep 2015 05:59:04 +0000 (UTC) From: "ASF GitHub Bot (JIRA)" To: cloudstack-issues@incubator.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (CLOUDSTACK-8891) Isolated network VR default iptables rules in INPUT chain are missing MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/CLOUDSTACK-8891?page=3Dcom.atla= ssian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId= =3D14901996#comment-14901996 ]=20 ASF GitHub Bot commented on CLOUDSTACK-8891: -------------------------------------------- GitHub user jayapalu opened a pull request: https://github.com/apache/cloudstack/pull/867 CLOUDSTACK-8891: Fixed default iptables rules on VR for guest traffic VR default iptables rules in INPUT chain are configured partially. In CsAddress.py rules are configured while configuring public interface= , guest interface post configuration is missed. Fixed to configure guest po= st configuration so that iptables rules are configured. =20 Testing: 1. Deployed vm in the network. 2.iptables rules on the VR configured correctly. 3.VM got the dhcp ip address from the VR. You can merge this pull request into a Git repository by running: $ git pull https://github.com/jayapalu/cloudstack CLOUDSTACK-8891 Alternatively you can review and apply these changes as the patch at: https://github.com/apache/cloudstack/pull/867.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #867 =20 ---- commit 276fa531c768b2f4be2b80d128a488f36dff29a2 Author: Jayapal Date: 2015-09-22T05:03:58Z CLOUDSTACK-8891: Fixed default iptables rules on VR for guest traffic ---- > Isolated network VR default iptables rules in INPUT chain are missing > --------------------------------------------------------------------- > > Key: CLOUDSTACK-8891 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-889= 1 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the defa= ult.)=20 > Components: Network Controller > Affects Versions: 4.6.0 > Reporter: Jayapal Reddy > Assignee: Jayapal Reddy > Fix For: 4.6.0 > > > Repro steps: > 1.Create a advance zone setup > 2. Create a VM in isolated network > Bug > VM is not assigned its guest ip as dhcp port in router is not open > Also dns, http ports missing. > iptables -L INPUT -nvx > Chain INPUT (policy DROP 1330 packets, 79806 bytes) > pkts bytes target prot opt in out source dest ination > 1616 116814 NETWORK_STATS all =E2=80=93 * * 0.0.0.0/0 0. 0.0.0/0 > 0 0 ACCEPT all =E2=80=93 * * 0.0.0.0/0 224.0. 0.18 > 0 0 ACCEPT all =E2=80=93 * * 0.0.0.0/0 225.0. 0.50 > 0 0 ACCEPT all =E2=80=93 eth2 * 0.0.0.0/0 0.0.0. 0/0 state RELATED,ESTABL= ISHED > 0 0 ACCEPT icmp =E2=80=93 * * 0.0.0.0/0 0.0.0. 0/0 > 4 730 ACCEPT all =E2=80=93 lo * 0.0.0.0/0 0.0.0. 0/0 > 255 34874 ACCEPT tcp =E2=80=93 eth1 * 0.0.0.0/0 0.0.0. 0/0 tcp dpt:3922 s= tate NEW,ESTABLISHED > 0 0 ACCEPT all =E2=80=93 * * 0.0.0.0/0 224.0. 0.18 > 0 0 ACCEPT all =E2=80=93 * * 0.0.0.0/0 225.0. 0.50 > 0 0 ACCEPT all =E2=80=93 eth2 * 0.0.0.0/0 0.0.0. 0/0 state RELATED,ESTABL= ISHED > 0 0 ACCEPT icmp =E2=80=93 * * 0.0.0.0/0 0.0.0. 0/0 > 0 0 ACCEPT all =E2=80=93 lo * 0.0.0.0/0 0.0.0. 0/0 > 0 0 ACCEPT tcp =E2=80=93 eth1 * 0.0.0.0/0 0.0.0. 0/0 tcp dpt:3922 state N= EW,ESTABLISHED > 0 0 ACCEPT all =E2=80=93 * * 0.0.0.0/0 224.0. 0.18 > 0 0 ACCEPT all =E2=80=93 * * 0.0.0.0/0 225.0. 0.50 > 0 0 ACCEPT all =E2=80=93 eth2 * 0.0.0.0/0 0.0.0. 0/0 state RELATED,ESTABL= ISHED > 0 0 ACCEPT icmp =E2=80=93 * * 0.0.0.0/0 0.0.0. 0/0 > 0 0 ACCEPT all =E2=80=93 lo * 0.0.0.0/0 0.0.0. 0/0 > 0 0 ACCEPT tcp =E2=80=93 eth1 * 0.0.0.0/0 0.0.0. 0/0 tcp dpt:3922 state N= EW,ESTABLISHED -- This message was sent by Atlassian JIRA (v6.3.4#6332)