cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Makrand <makrandsa...@gmail.com>
Subject Re: Static Nat how to
Date Fri, 13 Jan 2017 05:59:17 GMT
Hi Felipe,

Very Strange.

1) I assume the communication on the private IP is fine between VR and VMs?

2) What's version of ACS and hyper-visor?

Just a small suggestion: VRs are bit strange creatures in ACS
world.....just try to do clean network restart so it will create a brand
new VR. Rebooting this way have solved few network related issues for me in
past.

--
Makrand


On Mon, Jan 9, 2017 at 12:08 AM, Felipe Arturo Polanco <
felipeapolanco@gmail.com> wrote:

> Hi Makrand,
>
> Thanks for the information.
>
> I have acquired and assigned the public IP to the VM and with tcpdump I can
> see the packets coming into the public interface but they never get out via
> the private interface in the Virtual Router.
>
> When I do a whatsmyip query on the VM I see it still uses the VR Public IP
> for getting Public access.
>
> I double checked the iptables rules and I can see the Static NAT rules
> being present in the chains for the acquired IP so it still a mystery why
> the packets are not going out to the private NIC and the VM traffic still
> uses the Source NAT instead of Static NAT for egress communication.
>
> My egress rules for the network are allow ALL in 0.0.0.0/0
>
> On Sun, Jan 8, 2017 at 12:44 PM, Makrand <makrandsanap@gmail.com> wrote:
>
> > Hi Felipe,
> >
> > Have a look at below screenshot which will help you to navigate to
> firewall
> > menu for static NAT:-
> >
> > https://snag.gy/u2goXN.jpg
> >
> > 1) Once you acquire a new public IP (static NAT) you need to hook it to
> VM
> > behind that network.
> >
> > 2) If you think you've set everything right (as like above) and if things
> > still aren't working, then run tcpdump on VR interface (eth2 mostly)
> where
> > your public IP is hooked. See you're getting any packets at all on that
> > public IP from your  source IP for desired ports. If not, then you need
> to
> > configure ports properly at physical firewall for public IP.
> >
> > --
> > Makrand
> >
> >
> > On Sat, Jan 7, 2017 at 6:55 AM, Felipe Arturo Polanco <
> > felipeapolanco@gmail.com> wrote:
> >
> > > Hi,
> > >
> > > Can anyone provide me a link to how to adjust the firewall with static
> > Nat
> > > of a virtual router?
> > >
> > > My VMs can get access to the Internet via the virtual router but when I
> > > assign a public IP via static Nat nothing happens, looks like the
> > firewall
> > > is not allowing outside communication.
> > >
> > > I put some rules on the static IP like icmp 8,0 or tcp port 22 but no
> > > response.
> > >
> > > I'm using the default isolated network offering with nat.
> > >
> > > Any guest?
> > >
> >
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message