cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrija Panic <>
Subject ACS 4.3.2 shapeblue/upstream - remote IP not show behide VPC
Date Sat, 14 Mar 2015 21:27:42 GMT
Hi guys,

refreshing old subject with a more details:
I just upgrade to ACS 4.3.2 (shapeblue upstream repo) and systemvm also to
4.3.2 (shapeblue with GHOST patch)

I still have same problems as with ACS 4.3.0 (comunity repo, comunity
systemvm template)


When I do Port Forwarding, or Static NAT - remote IP is not seen in netstat
inside VM on pricate network - instead netstat is showing main VR IP
address - because it seems that the VR does SNAT on ALL incoming
connections or something:

VR main IP (Source NAT)
VR additional IP: - Port Forwarding for port 7777 configured
here to private VM on

I opened all kind of windows here to give as much info as possible.
Image here:

You can notice I'm doing telnet from my laptop to on port 777
(botom right picture)

Top left, you can see private VM windows, that shows in netstat that
connection on port 7777 are acually comming from MAIN VR IP address,
instead of showing my real remote (home) IP address.

It seems to me that the unconditional SNAT rules - botom left - might be
the cause of this problem ?

VR is doing SNAT on incoming connections (for whatever reason) no matter
the destination IP (even if destination IP is ADDITIONAL IP, it's stil oing
SNAT with main VR IP address) instead of just doing DNAT (replacing public
IP with private IP of the VM and passing IP packet to pricate VM)

For this reason (perhaps only my installation has problem  ?!)  VPC rouing
is kind of broken.

I can say in 4.4 it worked fine (when tested a while ago), showing really
my remote IP in netstat in the private VM...

Any help are really appreciated.


Andrija Panić

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message