This could be a good opportunity to get your hands dirty and submit a patch! These iptables rules are managed by a handful of shell scripts. There are some specific to VPC if I remember correctly, in /opt/cloud/bin on the virtual router. You can get a history of what script was run and with which parameters either I'm /var/log/cloud.out on the router or debug logs on the agent where the router runs. On May 13, 2015 2:57 PM, "Somesh Naidu" <somesh.na...@citrix.com> wrote:
> I believe the default network offering for Isolated Network > (DefaultIsolatedNetworkOfferingWithSourceNatService) does the same. So I > guess that may not be the problem. > > Regards, > Somesh > > -----Original Message----- > From: Andrija Panic [mailto:andrija.pa...@gmail.com] > Sent: Wednesday, May 13, 2015 12:14 PM > To: dev@cloudstack.apache.org > Subject: Re: Bug resolve for 4.5.2 > > Is this maybe happening, because Im using everything of services on single > NEtwork offering : StaticNat, NetworkACL, PortForwarding, UserData, Vpn, > SourceNat, Dns, Lb, Dhcp ? > Maybe because of the design with some of the services ? > > Maybe I shouldnt use all stuff - although it doesnt make sense to me... > > On 12 May 2015 at 16:46, Andrija Panic <andrija.pa...@gmail.com> wrote: > > > Hi Erik, > > > > Thanks for geting back to me. > > > > I have commented the issue and provided example from brand new ACS > > installation, and new VPC, 1 network, 1 VM. > > > > > http://secure-web.cisco.com/1WU4eQfmrJcfhnrBedw7AyAJbKlVUQJ5VhSpUxxbUMahg8oXbGqUkLA33un89ck8JZJHs78G4VumAGMsOQokXJ5RK2_C1-omDL66nAwlgG_yoJCZQeR79XNTfU-ql5XbKf2H05s7s4AvWrJ8ZId2r8sE7sqyx2ls3eI4vgRQgET6fU_cPtUbtUth_vZTSVzhCoq8agNngtqqw9uXXKzMXCQ/http%3A%2F%2Fpastebin.com%2FihjiDZ9h > - iptables-save from inside VR on pastebin - > > this is brand new VPC (1 network, 1 VM in network) on 4.4.3 release. > > http://snag.gy/V949g.jpg - ACS setup and "proof" : > > XXX.39.228.155 - main VPC IP > > XXX.39.228.156 - additional IP, configured Static NAT to private VM > > 10.10.10.10 > > Connected to XXX39.228.156:22 - and done "netstat -antup | grep 22" - > > remote connection seems to come from XXX.39.228.155 - main VPC IP. > > This is ACS 4.4.3, Advanced Zone, KVM. > > > > > > Thanks > > > > On 12 May 2015 at 14:43, Erik Weber <terbol...@gmail.com> wrote: > > > >> On Tue, May 12, 2015 at 2:31 PM, Andrija Panic <andrija.pa...@gmail.com > > > >> wrote: > >> > >> > Hi dev team, > >> > > >> > I was wondering who would be willing to help with: > >> > https://issues.apache.org/jira/browse/CLOUDSTACK-8451 > >> > > >> > remote IP not seen in VM behind VPC... > >> > > >> > >> Could you get the relevant iptables rule with 'iptables-save'? obfuscate > >> addresses etc. if you feel like it > >> > >> -- > >> Erik > >> > > > > > > > > -- > > > > Andrija Panić > > > > > > -- > > Andrija Panić >
