cloudstack-issues mailing list archives

From "samhith vasikarla (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (CLOUDSTACK-9941) Port forwarding rules are not persistent when we reboot VR from outside Cloudstack
Date Tue, 06 Jun 2017 08:29:18 GMT

     [ https://issues.apache.org/jira/browse/CLOUDSTACK-9941?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

samhith vasikarla updated CLOUDSTACK-9941:
------------------------------------------
    Labels: PVR  (was: )

> Port forwarding rules are not persistent when we reboot VR from outside Cloudstack 
> -----------------------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-9941
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9941
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>    Affects Versions: 4.10.0.0
>            Reporter: samhith vasikarla
>              Labels: PVR
>             Fix For: 4.10.0.0
>
>         Attachments: log.txt
>
>
> 1. Create a network say N1 with Network offering "Conserve Mode Enabled and all other services with Virtual Router"
> 2. Create an instance with N1
> 3. After successful creation of instance, navigate to Network and add port forwarding rules.
> 4. After successful addition of port forwarding rules, log in to the router and type iptables -t nat -L; we will find the port forwarding rules
> root@r-22-VM:~# iptables -t nat -L
> Chain PREROUTING (policy ACCEPT)
> target     prot opt source               destination
> DNAT       tcp  --  anywhere             10.147.30.184        tcp dpt:ssh to:10.1.1.114:22
> DNAT       tcp  --  anywhere             10.147.30.184        tcp dpt:ssh to:10.1.1.114:22
> MARK       tcp  --  anywhere             10.147.30.184        tcp dpt:ssh MARK set 0x2
> CONNMARK   tcp  --  anywhere             10.147.30.184        tcp dpt:ssh state NEW CONNMARK save
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
> DNAT       tcp  --  anywhere             10.147.30.184        tcp dpt:ssh to:10.1.1.114:22
> Chain POSTROUTING (policy ACCEPT)
> target     prot opt source               destination
> SNAT       all  --  anywhere             anywhere             to:10.147.30.184
> SNAT       tcp  --  10.1.1.0/24          conserve             tcp dpt:ssh to:10.1.1.1
> 5. Reboot the router from outside of the management server 
> 6. Again type iptables -t nat -L and check whether the rules are persistent.
> Observation:
> Post reboot from outside of CloudStack, PF rules are not present in the iptables of the VR.
> In database the pf rules are present
> mysql> select * from port_forwarding_rules\G;
> ********* 1. row **********
>              id: 46
>     instance_id: 23
> dest_ip_address: 10.1.1.114
> dest_port_start: 22
>   dest_port_end: 22
> 1 row in set (0.00 sec)
> *****************************
> In forwarding rules.json the rules are present
> {
>     "10.147.30.184": [
>         {
>             "internal_ip": "10.1.1.114",
>             "internal_ports": "22:22",
>             "protocol": "tcp",
>             "public_ip": "10.147.30.184",
>             "public_ports": "22:22",
>             "type": "forward"
>         }
>     ],
>     "id": "forwardingrules"
> }
> ******************************************************************
> But in iptables the rules are not present 
> Chain PREROUTING (policy ACCEPT)
> target     prot opt source               destination
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
> Chain POSTROUTING (policy ACCEPT)
> target     prot opt source               destination
> ********************************************************************
> In the above one we cannot ssh to the virtual machine
> ssh root@10.147.30.184
> ssh: connect to host 10.147.30.184 port 22: Connection refused
> Note: When the VR is rebooted from CloudStack, all the rules are again fetched.
>  



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
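
A drift check for the condition this report describes, as an added example that is not part of the original message or CloudStack's own code: it compares the forward rules in the rules JSON with the DNAT entries in the PREROUTING chain of an `iptables -t nat -L` listing and returns the ones that are missing. The sample inputs are copied from the report (condensed, column-header lines omitted); the function names and the service-name map are assumptions.

```python
import json
import re

# Sample data copied from the report above (whitespace condensed, header lines omitted).
RULES_JSON = '''{"10.147.30.184": [{"internal_ip": "10.1.1.114", "internal_ports": "22:22",
  "protocol": "tcp", "public_ip": "10.147.30.184", "public_ports": "22:22",
  "type": "forward"}], "id": "forwardingrules"}'''
NAT_BEFORE = """Chain PREROUTING (policy ACCEPT)
DNAT       tcp  --  anywhere             10.147.30.184        tcp dpt:ssh to:10.1.1.114:22
MARK       tcp  --  anywhere             10.147.30.184        tcp dpt:ssh MARK set 0x2
Chain OUTPUT (policy ACCEPT)
DNAT       tcp  --  anywhere             10.147.30.184        tcp dpt:ssh to:10.1.1.114:22
"""
NAT_AFTER = "Chain PREROUTING (policy ACCEPT)\nChain OUTPUT (policy ACCEPT)\n"

# `iptables -L` prints service names; this small map is an assumption (-n gives numeric ports).
SERVICE_PORTS = {"ssh": 22}
DNAT_RE = re.compile(r"^DNAT\s+(\S+)\s+--\s+\S+\s+(\S+)\s+\S+\s+dpts?:(\S+)\s+to:([\d.]+):(\S+)")

def norm(ports):
    """Normalise 'ssh', '22', '22:22' or '8000-8010' to a (low, high) tuple."""
    parts = [SERVICE_PORTS.get(p, p) for p in re.split(r"[:-]", ports)]
    return int(parts[0]), int(parts[-1])

def expected_forwards(rules_json):
    """Forward rules the rules file says should exist."""
    want = set()
    for key, rules in json.loads(rules_json).items():
        for r in (rules if key != "id" else []):  # "id" is metadata, not a public IP
            if r["type"] == "forward":
                want.add((r["protocol"], r["public_ip"], norm(r["public_ports"]),
                          r["internal_ip"], norm(r["internal_ports"])))
    return want

def installed_dnat(listing, chain="PREROUTING"):
    """DNAT rules actually present in one chain of an `iptables -t nat -L` listing."""
    found, current = set(), None
    for line in listing.splitlines():
        header = re.match(r"Chain (\S+)", line)
        rule = DNAT_RE.match(line)
        if header:
            current = header.group(1)
        elif rule and current == chain:
            proto, pub_ip, dport, int_ip, to_ports = rule.groups()
            found.add((proto, pub_ip, norm(dport), int_ip, norm(to_ports)))
    return found

def missing_forwards(rules_json, listing):
    return sorted(expected_forwards(rules_json) - installed_dnat(listing))
```

A non-empty result from `missing_forwards` means the rules file and the live NAT table have diverged, which is the state shown after the out-of-band reboot.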
