Date: Tue, 17 Mar 2015 14:01:24 +0100
Subject: SNAT and remote IP problem
From: Andrija Panic
To: "users@cloudstack.apache.org", "dev@cloudstack.apache.org"

Hi,

is anybody willing to share the result from the following command, run in VR (VPC VR):

iptables -t nat -nvL

This should preferably be run from SSH-to-VR, instead of ConsoleProxy-to-VR, because of nice output over SSH.

It seems in 4.3.0 and 4.3.2, SNAT is done on ALL incoming connections, no matter to WHAT IP the traffic from internet came - primary IP, or additional one that is used for i.e. Static NAT - so SNAT rules always replace remote client IP with MAIN IP of the VPC...

Please share your examples - this is a serious bug in my opinion, and I will raise JIRA - but would like some examples from other guys first.

Thanks,

-- 
Andrija Panić
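
An added example, not part of the original message and not CloudStack code: one way to triage the nat table for the symptom described above is to list POSTROUTING SNAT/MASQUERADE rules that carry no source match, since such a rule rewrites the source of every packet leaving its interface, forwarded client connections included. The sample rules, the addresses, the interface names eth1 (public) and eth2 (guest-facing) and the function names are constructed assumptions.

```shell
#!/bin/sh
# Triage helper: reads rules in `iptables -t nat -S` format on stdin and
# prints "<out-iface> <target> <to-source>" for every POSTROUTING
# SNAT/MASQUERADE rule that has no -s match (a catch-all SNAT).

# Constructed sample, NOT output from a real virtual router.
# Assumed layout: eth1 = public side, eth2 = guest-facing side.
sample_rules() {
cat <<'EOF'
-P PREROUTING ACCEPT
-P POSTROUTING ACCEPT
-A PREROUTING -d 203.0.113.20/32 -j DNAT --to-destination 10.1.1.50
-A POSTROUTING -s 10.1.1.50/32 -o eth1 -j SNAT --to-source 203.0.113.20
-A POSTROUTING -o eth1 -j SNAT --to-source 203.0.113.10
-A POSTROUTING -o eth2 -j SNAT --to-source 10.1.1.1
EOF
}

unscoped_snat() {
    # $1 (optional): interface to focus on. Only rules that can match
    # traffic leaving it are shown (-o equal to it, or no -o at all).
    awk -v want="${1:-}" '
    $1 == "-A" && $2 == "POSTROUTING" {
        src = ""; out = "any"; tgt = ""; to = "-"
        for (i = 3; i <= NF; i++) {
            if ($i == "-s") src = $(i + 1)
            else if ($i == "-o") out = $(i + 1)
            else if ($i == "-j") tgt = $(i + 1)
            else if ($i == "--to-source") to = $(i + 1)
        }
        if (tgt != "SNAT" && tgt != "MASQUERADE") next
        if (src != "") next   # any -s (even negated) counts as scoped
        if (want != "" && out != "any" && out != want) next
        print out, tgt, to
    }'
}

# Rules that would rewrite the client address on traffic forwarded
# towards the guest side in the constructed sample:
sample_rules | unscoped_snat eth2
```

On a live router the same function can be fed with `iptables -t nat -S | unscoped_snat <guest-iface>`; a catch-all rule on the public interface is normal outbound source NAT, so the interface argument is what separates it from a rule that hides remote client addresses.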