incubator-cloudstack-dev mailing list archives

From "sadhu suresh (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CLOUDSTACK-106) Inter Vlan - When Vms are deployed as part of VPC , all egress traffic is blocked. It should be open for all egress traffic until first egress rule is added.
Date Thu, 27 Sep 2012 18:02:07 GMT

    [ https://issues.apache.org/jira/browse/CLOUDSTACK-106?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13464929#comment-13464929 ]

sadhu suresh commented on CLOUDSTACK-106:
-----------------------------------------

Tested with the latest build; still see the problem: by default we are not allowing egress traffic.

unable to ping google.com

Steps:
**********
Create a VPC. 
Create few networks in this VPC. 
Deploy few vms as part of this VPC. 

From within these VMs, try to access any server, like ping google.com

We are NOT allowed access. 



root@r-5-VM:~# iptables-save | grep OUTBOUND
:ACL_OUTBOUND_eth2 - [0:0]
-A PREROUTING -s 10.1.1.0/24 ! -d 10.1.1.1/32 -i eth2 -m state --state NEW -j ACL_OUTBOUND_eth2
-A ACL_OUTBOUND_eth2 -j DROP


Machine IP:10.147.29.102(root/password)

 cloud-sccs
Git Revision: 8ed8b8b8b66084e0e5409ae5fcc9dc1caca53519
Git URL: https://git-wip-us.apache.org/repos/asf/incubator-cloudstack.git



                
> Inter Vlan - When Vms are deployed as part of VPC , all egress traffic is blocked. It should be open for all egress traffic until first egress rule is added.
> --------------------------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-106
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-106
>             Project: CloudStack
>          Issue Type: Bug
>          Components: Management Server
>    Affects Versions: pre-4.0.0
>         Environment: Tested with:
> Git Revision: 03df2fa9dd45c938f72cd1866044b09d1b0cc978
> Git URL: https://git-wip-us.apache.org/repos/asf/incubator-cloudstack.git
>  
>            Reporter: Sangeetha Hariharan
>            Assignee: Anthony Xu
>             Fix For: pre-4.0.0
>
>
> Inter Vlan - When Vms are deployed as part of VPC , all egress traffic is blocked. It should be open for all egress traffic until first egress rule is added.
> Steps to reproduce the problem:
> Create a VPC.
> Create few networks in this VPC.
> Deploy few vms as part of this VPC.
> From within these VMs, try to access any server, like ping google.com
> We are NOT allowed access.
> Expected Behavior:
> By default , It should be open for all egress traffic until first egress rule is added.
>
> root@r-10-ASF:/opt/cloud/bin# iptables-save | grep OUTBOUND
> :ACL_OUTBOUND_eth2 - [0:0]
> :ACL_OUTBOUND_eth3 - [0:0]
> -A PREROUTING -s 10.1.1.0/24 ! -d 10.1.1.1/32 -i eth2 -m state --state NEW -j ACL_OUTBOUND_eth2
> -A PREROUTING -s 10.1.2.0/24 ! -d 10.1.2.1/32 -i eth3 -m state --state NEW -j ACL_OUTBOUND_eth3
> -A ACL_OUTBOUND_eth2 -j DROP
> -A ACL_OUTBOUND_eth3 -j DROP

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
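
A check for the rule state quoted in this report, added here as an example (it is not from the thread or from CloudStack): it reads `iptables-save` output and lists every `ACL_OUTBOUND_*` chain whose only rule is a bare `-j DROP`, together with the interface and source subnet steered into it. The function names and the `eth9` chain are assumptions, and the sample input is constructed from the rules quoted above.

```sh
#!/bin/sh
# Added example, not CloudStack code. Flags ACL_OUTBOUND_* chains whose only
# rule is an unconditional DROP, i.e. egress is denied before any user rule exists.

# Constructed sample: the rules quoted in the report plus a hypothetical
# eth9 chain that already has an allow rule in front of its DROP.
sample_rules() {
cat <<'EOF'
:ACL_OUTBOUND_eth2 - [0:0]
:ACL_OUTBOUND_eth3 - [0:0]
:ACL_OUTBOUND_eth9 - [0:0]
-A PREROUTING -s 10.1.1.0/24 ! -d 10.1.1.1/32 -i eth2 -m state --state NEW -j ACL_OUTBOUND_eth2
-A PREROUTING -s 10.1.2.0/24 ! -d 10.1.2.1/32 -i eth3 -m state --state NEW -j ACL_OUTBOUND_eth3
-A PREROUTING -s 10.1.9.0/24 ! -d 10.1.9.1/32 -i eth9 -m state --state NEW -j ACL_OUTBOUND_eth9
-A ACL_OUTBOUND_eth2 -j DROP
-A ACL_OUTBOUND_eth3 -j DROP
-A ACL_OUTBOUND_eth9 -p tcp -m tcp --dport 443 -j ACCEPT
-A ACL_OUTBOUND_eth9 -j DROP
EOF
}

# Reads iptables-save output on stdin; prints "chain interface source-cidr"
# for every ACL_OUTBOUND_* chain that consists of a single bare "-j DROP".
find_default_deny_egress() {
    awk '
    /^:ACL_OUTBOUND_/ {                 # chain declaration
        name = substr($1, 2); rules[name] = 0; order[++n] = name; next
    }
    $1 == "-A" && ($2 in rules) {       # rule inside an ACL chain
        rules[$2]++
        if (rules[$2] == 1 && NF == 4 && $3 == "-j" && $4 == "DROP") bare[$2] = 1
        next
    }
    $1 == "-A" {                        # rule that may jump into an ACL chain
        src = "-"; dev = "-"
        for (i = 3; i < NF; i++) {
            if ($i == "-s") src = $(i + 1)
            if ($i == "-i") dev = $(i + 1)
            if ($i == "-j" && $(i + 1) ~ /^ACL_OUTBOUND_/) from[$(i + 1)] = dev " " src
        }
    }
    END {
        for (k = 1; k <= n; k++) {
            c = order[k]
            if (rules[c] == 1 && (c in bare))
                print c, ((c in from) ? from[c] : "- -")
        }
    }'
}

sample_rules | find_default_deny_egress
```

On a router VM the function would be fed `iptables-save` directly; a chain that is declared but has no rules yet is not reported, since packets fall through it rather than being dropped.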
