> On May 20, 2013, 7 p.m., Sheng Yang wrote:
> > plugins/network-elements/juniper-srx/src/com/cloud/network/resource/JuniperSrxResource.java,
> >  line 845
> > <https://reviews.apache.org/r/11224/diff/2/?file=293966#file293966line845>
> >
> >     Why is ICMP's getSrcPortRange null (then need the min/max default value)?

For the ICMP protocol we are not passing the port range. We are only passing the 
ICMP type and code. So for the ICMP protocol we are getting getSrcPortRange() as 
null because there are ports passed for ICMP.


> On May 20, 2013, 7 p.m., Sheng Yang wrote:
> > plugins/network-elements/juniper-srx/src/com/cloud/network/resource/JuniperSrxResource.java,
> >  line 854
> > <https://reviews.apache.org/r/11224/diff/2/?file=293966#file293966line854>
> >
> >     I think it's wrong here. Firewall is only firewall, it won't and 
> > shouldn't respond to the ICMP or other request, unless port forwarding or 
> > static nat rule configured.

In the firewall, when an ICMP rule is configured and there is no static NAT or PF
  - In this case the public interface IP will give the response.
Static NAT + Firewall ICMP
  - In this case the VM will give the response.

This behaviour is also the same in VR.


- Jayapal


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/11224/#review20784
-----------------------------------------------------------


On May 20, 2013, 5:55 a.m., Jayapal Reddy wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/11224/
> -----------------------------------------------------------
> 
> (Updated May 20, 2013, 5:55 a.m.)
> 
> 
> Review request for cloudstack, Abhinandan Prateek, Sheng Yang, and Murali 
> Reddy.
> 
> 
> Description
> -------
> 
> 1. Updated to configure the firewall filter for the icmp protocol
> 2. Proxy arp is required for icmp response on SRX public IP. So adding proxy 
> arp along with firewall rules
> 
> 
> This addresses bug CLOUDSTACK-2386.
> 
> 
> Diffs
> -----
> 
>   plugins/network-elements/juniper-srx/src/com/cloud/network/element/JuniperSRXExternalFirewallElement.java a429306 
>   plugins/network-elements/juniper-srx/src/com/cloud/network/resource/JuniperSrxResource.java a0068c3 
>   server/src/com/cloud/network/ExternalFirewallDeviceManagerImpl.java 4a90a77 
>   utils/src/com/cloud/utils/net/NetUtils.java 9551c26 
> 
> Diff: https://reviews.apache.org/r/11224/diff/
> 
> 
> Testing
> -------
> 
> 1. Added icmp firewall rule and tested ping to public ip from the public 
> subnet
> 2. Tested configuring Static NAT and PF
> 
> 
> Thanks,
> 
> Jayapal Reddy
> 
>
