Hi Andrija,

I think you’ve already figured out a workaround “SNAT all -- * eth2 0.0.0.0/0 
0.0.0.0/0 to:IP”; probably the fix needs to go into 
“systemvm/patches/debian/config/opt/cloud/bin/vpc_snat.sh” (on 4.5 for example) 
and usage of SetSourceNatCommand.

We can fix this for VPC, though I want to discuss if the fix can introduce any 
side effects? Patches are always welcome!


> On 15-May-2015, at 2:51 am, ilya <ilya.mailing.li...@gmail.com> wrote:
>
> Daan,
>
> Thanks for heads up on 4.6 changes, nevertheless, quite a few folks will use 
> 4.5 for at least a year before they upgrade to 4.6 or 4.7 by then, so we 
> should still fix it in 4.5.
>
> Regards
> ilya
>
> On 5/14/15 5:26 AM, Daan Hoogland wrote:
>> Andrija, Marcus, Keep in mind that the vpc configuration scripts changed
>> drastically in 4.6/master. The ms-called scripts are replaced by a json
>> representation of the configuration that is processed on the VR. Any fix to
>> the present set of scripts will be short lived.
>>
>> On Thu 14 May 2015 at 06:01, Marcus <shadow...@gmail.com> wrote:
>>
>>> This could be a good opportunity to get your hands dirty and submit a
>>> patch! These iptables rules are managed by a handful of shell scripts.
>>> There are some specific to VPC if I remember correctly, in /opt/cloud/bin
>>> on the virtual router. You can get a history of what script was run and
>>> with which parameters either in /var/log/cloud.out on the router or debug
>>> logs on the agent where the router runs.
>>> On May 13, 2015 2:57 PM, "Somesh Naidu" <somesh.na...@citrix.com> wrote:
>>>
>>>> I believe the default network offering for Isolated Network
>>>> (DefaultIsolatedNetworkOfferingWithSourceNatService) does the same. So I
>>>> guess that may not be the problem.
>>>>
>>>> Regards,
>>>> Somesh
>>>>
>>>> -----Original Message-----
>>>> From: Andrija Panic [mailto:andrija.pa...@gmail.com]
>>>> Sent: Wednesday, May 13, 2015 12:14 PM
>>>> To: dev@cloudstack.apache.org
>>>> Subject: Re: Bug resolve for 4.5.2
>>>>
>>>> Is this maybe happening because I'm using all of the services on a single
>>>> Network offering: StaticNat, NetworkACL, PortForwarding, UserData, Vpn,
>>>> SourceNat, Dns, Lb, Dhcp?
>>>> Maybe because of the design with some of the services?
>>>>
>>>> Maybe I shouldn't use all stuff - although it doesn't make sense to me...
>>>>
>>>> On 12 May 2015 at 16:46, Andrija Panic <andrija.pa...@gmail.com> wrote:
>>>>
>>>>> Hi Erik,
>>>>>
>>>>> Thanks for getting back to me.
>>>>>
>>>>> I have commented the issue and provided example from brand new ACS
>>>>> installation, and new VPC, 1 network, 1 VM.
>>>>>
>>>>>
>>>>> http://secure-web.cisco.com/1WU4eQfmrJcfhnrBedw7AyAJbKlVUQJ5VhSpUxxbUMahg8oXbGqUkLA33un89ck8JZJHs78G4VumAGMsOQokXJ5RK2_C1-omDL66nAwlgG_yoJCZQeR79XNTfU-ql5XbKf2H05s7s4AvWrJ8ZId2r8sE7sqyx2ls3eI4vgRQgET6fU_cPtUbtUth_vZTSVzhCoq8agNngtqqw9uXXKzMXCQ/http%3A%2F%2Fpastebin.com%2FihjiDZ9h
>>>>> - iptables-save from inside VR on pastebin -
>>>>> this is brand new VPC (1 network, 1 VM in network) on 4.4.3 release.
>>>>> http://snag.gy/V949g.jpg - ACS setup and "proof" :
>>>>> XXX.39.228.155 - main VPC IP
>>>>> XXX.39.228.156 - additional IP, configured Static NAT to private VM
>>>>> 10.10.10.10
>>>>> Connected to XXX.39.228.156:22 - and done "netstat -antup | grep 22" -
>>>>> remote connection seems to come from XXX.39.228.155 - main VPC IP.
>>>>> This is ACS 4.4.3, Advanced Zone, KVM.
>>>>>
>>>>>
>>>>> Thanks
>>>>>
>>>>> On 12 May 2015 at 14:43, Erik Weber <terbol...@gmail.com> wrote:
>>>>>
>>>>>> On Tue, May 12, 2015 at 2:31 PM, Andrija Panic <andrija.pa...@gmail.com> wrote:
>>>>>>
>>>>>>> Hi dev team,
>>>>>>>
>>>>>>> I was wondering who would be willing to help with:
>>>>>>> https://issues.apache.org/jira/browse/CLOUDSTACK-8451
>>>>>>>
>>>>>>> remote IP not seen in VM behind VPC...
>>>>>>>
>>>>>> Could you get the relevant iptables rule with 'iptables-save'? Obfuscate
>>>>>> addresses etc. if you feel like it
>>>>>>
>>>>>> --
>>>>>> Erik
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>>
>>>>> Andrija Panić
>>>>>
>>>>
>>>>
>>>> --
>>>>
>>>> Andrija Panić
>>>>
>

Regards,
Rohit Yadav
Software Architect, ShapeBlue
M. +91 88 262 30892 | rohit.ya...@shapeblue.com
Blog: bhaisaab.org | Twitter: @_bhaisaab
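
An added example (not part of this thread and not CloudStack code): a shell function that reads `iptables-save` output, the dump requested earlier in the thread, and lists every SNAT/MASQUERADE rule in the nat table, marking rules that have no source or destination match, since those rewrite the source address of everything leaving that interface. The sample ruleset, its documentation addresses and the interface roles (eth1 public, eth2 guest tier) are constructed assumptions.

```shell
#!/bin/sh
# Added example: audit source-rewrite rules in `iptables-save` output.
# Prints one line per SNAT/MASQUERADE rule: SCOPE chain out-if source to-source
# SCOPE is BROAD when the rule has neither -s nor -d: it then rewrites the
# source of every packet leaving that interface, forwarded inbound
# connections included, so the backend sees the router's address.
audit_snat() {
    awk '
    /^\*/ { table = substr($1, 2); next }     # table header: *nat, *filter
    table != "nat" || $1 != "-A" { next }     # only rule lines of the nat table
    {
        chain = $2; oif = "any"; src = "any"; dst = "any"; to = "-"; tgt = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-o") oif = $(i + 1)
            else if ($i == "-s") src = $(i + 1)
            else if ($i == "-d") dst = $(i + 1)
            else if ($i == "-j") tgt = $(i + 1)
            else if ($i == "--to-source") to = $(i + 1)
        }
        if (tgt != "SNAT" && tgt != "MASQUERADE") next
        scope = (src == "any" && dst == "any") ? "BROAD" : "SCOPED"
        print scope, chain, oif, src, to
    }'
}

# Constructed sample ruleset (assumed roles: eth1 = public, eth2 = guest tier).
sample_rules() {
    cat <<'EOF'
# Generated by iptables-save (constructed sample)
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -d 203.0.113.156/32 -j DNAT --to-destination 10.10.10.10
-A POSTROUTING -s 10.10.10.0/24 -o eth1 -j SNAT --to-source 203.0.113.155
-A POSTROUTING -o eth2 -j SNAT --to-source 203.0.113.155
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -o eth2 -j ACCEPT
COMMIT
EOF
}

sample_rules | audit_snat
```

On a router, feed it the live ruleset with `iptables-save | audit_snat` and review each BROAD line against the interface it names.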


