cloudstack-issues mailing list archives

From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CLOUDSTACK-9437) Outbound traffic fails to work after VR is upgraded to post 4.6+ release
Date Thu, 21 Jul 2016 20:04:20 GMT

    [ https://issues.apache.org/jira/browse/CLOUDSTACK-9437?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15388327#comment-15388327 ]

ASF GitHub Bot commented on CLOUDSTACK-9437:
--------------------------------------------

GitHub user rhtyd opened a pull request:

    https://github.com/apache/cloudstack/pull/1614

    CLOUDSTACK-9437: Fix egress chain and cleanup for allow all traffic

    - Fixes use of rules.v4/rules instead of router_rules.v4 file, this makes sure
      that FW_EGRESS_RULE chain gets created on router systemvms
    - Adds an explicit removal of allow all 0.0.0.0/0 (all protocol) egress rule
      when adding the default egress rule (CLOUDSTACK-9437)
    
    /cc @swill @jburwell @PaulAngus 

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/shapeblue/cloudstack vr-fix-egress

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/cloudstack/pull/1614.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #1614
    
----
commit 7cde8edb833037cb247136f7c41a2d5242aa7864
Author: Rohit Yadav <rohit.yadav@shapeblue.com>
Date:   2016-07-21T19:54:32Z

    CLOUDSTACK-9437: Fix egress chain and cleanup for allow all traffic
    
    - Fixes use of rules.v4/rules instead of router_rules.v4 file, this makes sure
      that FW_EGRESS_RULE chain gets created on router systemvms
    - Adds an explicit removal of allow all 0.0.0.0/0 (all protocol) egress rule
      when adding the default egress rule (CLOUDSTACK-9437)
    
    Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>

----


> Outbound traffic fails to work after VR is upgraded to post 4.6+ release
> ------------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-9437
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9437
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>    Affects Versions: 4.6.2, 4.7.1, 4.8.0, 4.8.1
>            Reporter: Rohit Yadav
>            Assignee: Rohit Yadav
>            Priority: Blocker
>
> When CloudStack is upgraded to a 4.6+ version, due to changes in the script, the default
> iptables rules are saved at /etc/iptables/router_rules.{v4,v6} instead of the rules.{v4,v6}
> files. The cloud-early-config file uses the rules.v4 and rules file, which are copied from
> iptables-{router, etc.} templates.
> When CloudStack was upgraded from 4.3 to a 4.6+ version, and the VR template upgraded to a 4.6
> template -- the rules.v4 file was copied from the iptables-router template though configure.py
> uses the router_rules.v4 file, which does not have the FW_EGRESS_RULES chain declared. Because
> of this, CsNetFilters fails to add the chain.
> Workaround that works -- after upgrading the router, restarting the network (without
> cleanup selected) fixes the issue.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
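
A check for the condition the issue describes, as an added example that is not part of the original message or of CloudStack's code: it parses iptables-save style rules files and reports which chains a table fails to declare. The sample file contents are constructed, and the chain name is passed as an argument because the message spells it both FW_EGRESS_RULE and FW_EGRESS_RULES.

```shell
# chain_declared FILE TABLE CHAIN: exit 0 if declared, 1 if not, 2 if FILE is unreadable.
# Declarations look like ":NAME POLICY [pkts:bytes]" and belong to the last "*table" line.
chain_declared() {
    [ -r "$1" ] || return 2
    awk -v table="$2" -v chain="$3" '
        /^\*/ { current = substr($1, 2); next }   # "*filter" opens a table section
        /^:/  { if (current == table && substr($1, 2) == chain) found = 1 }
        END   { exit(found ? 0 : 1) }
    ' "$1"
}

# missing_chains FILE TABLE CHAIN...: print each chain that FILE does not declare in TABLE.
missing_chains() {
    file=$1; table=$2; shift 2
    for c in "$@"; do
        chain_declared "$file" "$table" "$c" || printf '%s\n' "$c"
    done
}

# Constructed sample files (not copied from a real router): one declares the egress chain, one does not.
make_samples() {
    dir=$(mktemp -d)
    cat > "$dir/rules.v4" <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:FW_EGRESS_RULES - [0:0]
-A FORWARD -j FW_EGRESS_RULES
COMMIT
EOF
    cat > "$dir/router_rules.v4" <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
    printf '%s\n' "$dir"
}

# Demo run over the constructed samples.
d=$(make_samples)
for f in rules.v4 router_rules.v4; do
    echo "$f: missing chains: $(missing_chains "$d/$f" filter FW_EGRESS_RULES)"
done
rm -rf "$d"
```

On a router VM the same function can be pointed at the files under /etc/iptables/ named in the issue; an unreadable file is reported as missing the chain.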
