cloudstack-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF subversion and git services (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CLOUDSTACK-10030) Public IPs assgined to the VPC are not reacheable from inside VPC
Date Tue, 22 Aug 2017 06:51:00 GMT

    [ https://issues.apache.org/jira/browse/CLOUDSTACK-10030?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16136404#comment-16136404
] 

ASF subversion and git services commented on CLOUDSTACK-10030:
--------------------------------------------------------------

Commit deb92d32bbf743208472113874fac98960099d99 in cloudstack's branch refs/heads/master from
[~syed1]
[ https://gitbox.apache.org/repos/asf?p=cloudstack.git;h=deb92d3 ]

CLOUDSTACK-10030: Make sure that public IPs assigned to VPC are reacheable from inside the
VPC (#2221)

If a public IP is assigned to a VPC, a VM running inside that VPC cannot ping that public
IP. This is due to the IPtables Nat rules set in such a way that drop any requests to the
public IP from internal interfaces. I am fixing this so that internal hosts can also reach
the public IP.

Reproduction:

Create a VPC
Create a network inside the VPC
Allocate a public IP
Create a VM in the network
Create a port forwarding rule enabling ICMP
ping the public IP inside the VM (this will fail)

> Public IPs assgined to the VPC are not reacheable from inside VPC
> -----------------------------------------------------------------
>
>                 Key: CLOUDSTACK-10030
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10030
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>          Components: Virtual Router, VPC
>    Affects Versions: 4.10.0.0
>            Reporter: Syed Ahmed
>            Priority: Minor
>
> If a public IP is assigned to a VPC, a VM running inside that VPC cannot ping that public
IP. This is due to the IPtables Nat rules set in such a way that drop any requests to the
public IP from internal interfaces. I am fixing this so that internal hosts can also reach
the public IP.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message