cloudstack-issues mailing list archives

From "Rajani Karuturi (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (CLOUDSTACK-9745) IPtable nat rules are not cleaned up on router, post disabling static nat on Public IP
Date Thu, 06 Jul 2017 10:34:05 GMT

     [ https://issues.apache.org/jira/browse/CLOUDSTACK-9745?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Rajani Karuturi updated CLOUDSTACK-9745:
----------------------------------------
    Fix Version/s:     (was: 4.10.0.0)
                   4.10.1.0

> IPtable nat rules are not cleaned up on router, post disabling static nat on Public IP
> ---------------------------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-9745
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9745
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>    Affects Versions: 4.9.0.1
>            Reporter: DeepthiMachiraju
>              Labels: pvr
>             Fix For: 4.10.1.0
>
>         Attachments: cloudlog.txt
>
>
> - Navigate to network and acquire a new Public IP.
> - Enable static nat, and assign a guest VM to the IP.
> - Ensure the Nat rules are updated accordingly in the router.
> - Now disable the static nat on the public IP.
> Observation:
> - IPtable Nat rules are still populated with the disabled Public IP entries. Check the IP at eth2 and the PostRouting chain. (10.147.30.112 is the source nat IP and 10.147.30.113, 10.147.30.114 are the acquired IPs.)
> - The rules are cleared only after the network is restarted with the clean up option enabled.
> =====================================================
> root@r-203-VM:~# ip a
> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
>     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>     inet 127.0.0.1/8 scope host lo
> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
>     link/ether 02:00:76:12:00:02 brd ff:ff:ff:ff:ff:ff
>     inet 10.1.1.1/24 brd 10.1.1.255 scope global eth0
> 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
>     link/ether 0e:00:a9:fe:00:4a brd ff:ff:ff:ff:ff:ff
>     inet 169.254.0.74/16 brd 169.254.255.255 scope global eth1
> 4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
>     link/ether 06:77:36:00:00:0d brd ff:ff:ff:ff:ff:ff
>     inet 10.147.30.112/24 brd 10.147.30.255 scope global eth2
> root@r-203-VM:~#
> root@r-203-VM:~# iptables -t nat -L -v
> Chain PREROUTING (policy ACCEPT 3 packets, 204 bytes)
>  pkts bytes target     prot opt in     out     source               destination
>     4   240 DNAT       tcp  --  eth2   any     anywhere             10.147.30.112        tcp dpt:ssh to:10.1.1.13:22
>     0     0 DNAT       tcp  --  eth0   any     anywhere             10.147.30.112        tcp dpt:ssh to:10.1.1.13:22
>     0     0 MARK       tcp  --  eth2   any     anywhere             10.147.30.112        tcp dpt:ssh MARK set 0x2
>     0     0 CONNMARK   tcp  --  eth2   any     anywhere             10.147.30.112        tcp dpt:ssh state NEW CONNMARK save
> Chain INPUT (policy ACCEPT 3 packets, 204 bytes)
>  pkts bytes target     prot opt in     out     source               destination
> Chain OUTPUT (policy ACCEPT 10 packets, 665 bytes)
>  pkts bytes target     prot opt in     out     source               destination
>     0     0 DNAT       tcp  --  any    any     anywhere             10.147.30.112        tcp dpt:ssh to:10.1.1.13:22
> Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
>  pkts bytes target     prot opt in     out     source               destination
>   257 17134 SNAT       all  --  any    eth2    anywhere             anywhere             to:10.147.30.112
>     0     0 SNAT       tcp  --  any    eth0    10.1.1.0/24          newv1                tcp dpt:ssh to:10.1.1.1
>     0     0 SNAT       all  --  any    eth2    anywhere             anywhere             to:10.147.30.113
>     0     0 SNAT       all  --  any    eth2    anywhere             anywhere             to:10.147.30.114
> ==========================================================



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
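
A check for the condition reported above, as an added example that is not part of the original message and is not CloudStack code: it compares the SNAT "to:" targets in `iptables -t nat -L -v` output with the addresses shown by `ip a` and reports SNAT rules whose address is no longer configured on the router. The function names are hypothetical, and the sample input is constructed from the output quoted in the report, trimmed and with the mail-wrapped lines rejoined.

```python
import re

# Constructed sample: trimmed from the router output quoted in the report,
# with the mail-wrapped lines rejoined.
IP_A = """\
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    inet 10.1.1.1/24 brd 10.1.1.255 scope global eth0
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    inet 10.147.30.112/24 brd 10.147.30.255 scope global eth2
"""
NAT = """\
Chain PREROUTING (policy ACCEPT 3 packets, 204 bytes)
 pkts bytes target     prot opt in     out     source               destination
    4   240 DNAT       tcp  --  eth2   any     anywhere             10.147.30.112        tcp dpt:ssh to:10.1.1.13:22
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  257 17134 SNAT       all  --  any    eth2    anywhere             anywhere             to:10.147.30.112
    0     0 SNAT       tcp  --  any    eth0    10.1.1.0/24          newv1                tcp dpt:ssh to:10.1.1.1
    0     0 SNAT       all  --  any    eth2    anywhere             anywhere             to:10.147.30.113
    0     0 SNAT       all  --  any    eth2    anywhere             anywhere             to:10.147.30.114
"""

def interface_addresses(ip_a_text):
    """Return the set of IPv4 addresses configured on any interface."""
    return set(re.findall(r"^\s+inet (\d+\.\d+\.\d+\.\d+)/", ip_a_text, re.M))

def stale_snat_rules(nat_text, local_addrs):
    """Return (chain, out_iface, snat_ip) for every SNAT rule whose to:
    address is not configured on the router."""
    stale, chain = [], None
    for line in nat_text.splitlines():
        if line.startswith("Chain "):
            chain = line.split()[1]
            continue
        f = line.split()
        # Columns: pkts bytes target prot opt in out source destination extra...
        if len(f) < 10 or f[2] != "SNAT":
            continue
        m = re.match(r"to:(\d+\.\d+\.\d+\.\d+)", f[-1])
        if m and m.group(1) not in local_addrs:
            stale.append((chain, f[6], m.group(1)))
    return stale

if __name__ == "__main__":
    for chain, iface, ip in stale_snat_rules(NAT, interface_addresses(IP_A)):
        print(f"stale SNAT in {chain}: out={iface} to:{ip}")
```

On the sample this flags the two POSTROUTING rules for 10.147.30.113 and 10.147.30.114, the addresses the report says remain after static nat is disabled.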
