kovukono opened a new issue #3763: Issue with hairpinning for port forwarding
URL: https://github.com/apache/cloudstack/issues/3763
 
 
   
   ##### ISSUE TYPE
    * Bug Report
   
   ##### COMPONENT NAME
   ~~~
   VR
   ~~~
   
   ##### CLOUDSTACK VERSION
   
   ~~~
   4.12
   ~~~
   
   ##### CONFIGURATION
   <!--
   Virtual Router with one or more networks, with one public IP port-forwarded to an instance in one of its networks.
   -->
   
   
   ##### OS / ENVIRONMENT
   <!--
   N/A
   -->
   
   
   ##### SUMMARY
   When we upgraded from 4.10 to 4.12, we noticed that hairpinning had started failing in VMs that were port-forwarded. We believe that we were able to track the change back to [this PR](https://github.com/apache/cloudstack/pull/2681), specifically the if statement added at line 479 in CsAddress.py.
   
   I understand why it was added (and have verified the issues Private Gateways have without it while trying to fix it on our own), but we'd still like to be able to add in the hairpinning feature that was lost when we upgraded.
   
   ##### STEPS TO REPRODUCE
   ~~~
   * Create a VPC, with a network and VM inside that network.
   * Create a public IP and port forward it to that VM.
   * Either SSH into the VM or open its console and attempt to telnet on a port opened on that public IP (i.e., telnet 172.30.202.29 22, if port forwarding port 22).
   ~~~
   
   
   ##### EXPECTED RESULTS
   Telnet should be able to connect to the port exposed through port forwarding. iptables should look similar to this:
   ~~~
   Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
    pkts bytes target     prot opt in     out     source               destination
       0     0 SNAT       all  --  *      eth2    10.123.1.0/24        0.0.0.0/0            to:10.123.1.1
     222 16681 SNAT       all  --  *      eth1    0.0.0.0/0            0.0.0.0/0            to:172.30.202.28
       0     0 SNAT       all  --  *      eth1    0.0.0.0/0            0.0.0.0/0            to:172.30.202.29
       0     0 SNAT       tcp  --  *      *       0.0.0.0/0            172.30.202.29        tcp dpt:22 to:10.123.1.96:22
   ~~~
   
   ##### ACTUAL RESULTS
   Telnet is unable to connect to the port. iptables looks like this:
   ~~~
   Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
    pkts bytes target     prot opt in     out     source               destination
     222 16681 SNAT       all  --  *      eth1    0.0.0.0/0            0.0.0.0/0            to:172.30.202.28
       0     0 SNAT       all  --  *      eth1    0.0.0.0/0            0.0.0.0/0            to:172.30.202.29
       0     0 SNAT       tcp  --  *      *       0.0.0.0/0            172.30.202.29        tcp dpt:22 to:10.123.1.96:22
   ~~~
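
The two listings in the issue differ by one rule: the SNAT on the guest interface whose source is the guest network. The following is an added example, not part of the original issue and not CloudStack code, that parses verbose numeric nat-table output in this format and reports whether such a rule is present. The function names are hypothetical, the guest CIDR `10.123.1.0/24` is taken from the expected listing, and the sample data is the issue's own output.

```python
import ipaddress
import re

# Expected POSTROUTING chain, copied from the issue above.
EXPECTED = """\
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 SNAT       all  --  *      eth2    10.123.1.0/24        0.0.0.0/0            to:10.123.1.1
  222 16681 SNAT       all  --  *      eth1    0.0.0.0/0            0.0.0.0/0            to:172.30.202.28
    0     0 SNAT       all  --  *      eth1    0.0.0.0/0            0.0.0.0/0            to:172.30.202.29
    0     0 SNAT       tcp  --  *      *       0.0.0.0/0            172.30.202.29        tcp dpt:22 to:10.123.1.96:22
"""
# The actual listing in the issue is the same chain without the eth2 rule.
ACTUAL = "\n".join(l for l in EXPECTED.splitlines() if "eth2" not in l)

COUNTER = re.compile(r"^\d+[KMGT]?$")  # verbose output abbreviates large counters

def parse_rules(listing):
    """Turn verbose, numeric nat-table output into a list of rule dicts."""
    rules = []
    for line in listing.splitlines():
        f = line.split()
        # Rule rows begin with two counters; chain and column headers do not.
        if len(f) < 9 or not (COUNTER.match(f[0]) and COUNTER.match(f[1])):
            continue
        to = re.search(r"\bto:(\d+\.\d+\.\d+\.\d+)", line)
        try:
            source = ipaddress.ip_network(f[7], strict=False)
        except ValueError:  # e.g. a negated match such as !10.0.0.0/8
            continue
        rules.append({"target": f[2], "out": f[6], "source": source,
                      "to": ipaddress.ip_address(to.group(1)) if to else None})
    return rules

def hairpin_rules(listing, guest_cidr):
    """SNAT rules scoped to the guest network that rewrite to an address in it."""
    guest = ipaddress.ip_network(guest_cidr)
    return [r for r in parse_rules(listing)
            if r["target"] == "SNAT" and r["to"] is not None
            and r["source"].subnet_of(guest)   # excludes catch-all 0.0.0.0/0 rules
            and r["to"] in guest]

if __name__ == "__main__":
    for name, listing in (("expected", EXPECTED), ("actual", ACTUAL)):
        found = hairpin_rules(listing, "10.123.1.0/24")
        print(name, "hairpin SNAT present" if found else "hairpin SNAT MISSING",
              [(r["out"], str(r["to"])) for r in found])
```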
