[ https://issues.apache.org/jira/browse/CLOUDSTACK-8891?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14901996#comment-14901996 ]
ASF GitHub Bot commented on CLOUDSTACK-8891:
--------------------------------------------

GitHub user jayapalu opened a pull request:

    https://github.com/apache/cloudstack/pull/867

    CLOUDSTACK-8891: Fixed default iptables rules on VR for guest traffic

    VR default iptables rules in INPUT chain are configured partially.
    In CsAddress.py rules are configured while configuring public interface, guest interface post configuration is missed.
    Fixed to configure guest post configuration so that iptables rules are configured.

    Testing:
    1. Deployed vm in the network.
    2. iptables rules on the VR configured correctly.
    3. VM got the dhcp ip address from the VR.

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/jayapalu/cloudstack CLOUDSTACK-8891

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/cloudstack/pull/867.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #867

----
commit 276fa531c768b2f4be2b80d128a488f36dff29a2
Author: Jayapal <jayapalreddy.ur...@citrix.com>
Date:   2015-09-22T05:03:58Z

    CLOUDSTACK-8891: Fixed default iptables rules on VR for guest traffic

----

> Isolated network VR default iptables rules in INPUT chain are missing
> ---------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-8891
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-8891
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.)
>          Components: Network Controller
>    Affects Versions: 4.6.0
>            Reporter: Jayapal Reddy
>            Assignee: Jayapal Reddy
>             Fix For: 4.6.0
>
>
> Repro steps:
> 1. Create an advanced zone setup
> 2. Create a VM in isolated network
> Bug
> VM is not assigned its guest ip as dhcp port in router is not open
> Also dns, http ports missing.
> iptables -L INPUT -nvx
> Chain INPUT (policy DROP 1330 packets, 79806 bytes)
>     pkts      bytes target     prot opt in     out     source               destination
>     1616   116814 NETWORK_STATS  all  --  *      *       0.0.0.0/0            0.0.0.0/0
>        0        0 ACCEPT     all  --  *      *       0.0.0.0/0            224.0.0.18
>        0        0 ACCEPT     all  --  *      *       0.0.0.0/0            225.0.0.50
>        0        0 ACCEPT     all  --  eth2   *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
>        0        0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
>        4      730 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
>      255    34874 ACCEPT     tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:3922 state NEW,ESTABLISHED
>        0        0 ACCEPT     all  --  *      *       0.0.0.0/0            224.0.0.18
>        0        0 ACCEPT     all  --  *      *       0.0.0.0/0            225.0.0.50
>        0        0 ACCEPT     all  --  eth2   *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
>        0        0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
>        0        0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
>        0        0 ACCEPT     tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:3922 state NEW,ESTABLISHED
>        0        0 ACCEPT     all  --  *      *       0.0.0.0/0            224.0.0.18
>        0        0 ACCEPT     all  --  *      *       0.0.0.0/0            225.0.0.50
>        0        0 ACCEPT     all  --  eth2   *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
>        0        0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
>        0        0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
>        0        0 ACCEPT     tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:3922 state NEW,ESTABLISHED

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
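
An added example, not part of the original message or of the CloudStack code base: a Python check that parses `iptables -L INPUT -nvx` output like the listing in the report and shows which guest services have no ACCEPT rule under the DROP policy, plus how many rules are repeated. The guest interface name `eth0`, the port numbers chosen for dhcp, dns and http, and the sample listing are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample modelled on the listing in the report (counters are illustrative).
SAMPLE = """\
Chain INPUT (policy DROP 1330 packets, 79806 bytes)
    pkts      bytes target     prot opt in     out     source               destination
    1616   116814 NETWORK_STATS  all  --  *      *       0.0.0.0/0            0.0.0.0/0
       0        0 ACCEPT     all  --  eth2   *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
       0        0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
     255    34874 ACCEPT     tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:3922 state NEW,ESTABLISHED
       0        0 ACCEPT     tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:3922 state NEW,ESTABLISHED
"""

# Assumption: well-known ports for the services the report names (dhcp, dns, http).
REQUIRED = {"dhcp": ("udp", 67), "dns-udp": ("udp", 53),
            "dns-tcp": ("tcp", 53), "http": ("tcp", 80)}

def input_policy(listing):
    """Return the INPUT chain policy (e.g. 'DROP'), or None if not found."""
    m = re.search(r"^Chain INPUT \(policy (\w+)", listing, re.M)
    return m.group(1) if m else None

def parse_rules(listing):
    """Parse rule rows; columns: pkts bytes target prot opt in out src dst [match]."""
    rules = []
    for line in listing.splitlines():
        f = line.split()
        if len(f) < 9 or not f[0].isdigit():
            continue  # chain header, column header or blank line
        m = re.search(r"\bdpt:(\d+)", line)
        rules.append({"target": f[2], "prot": f[3], "in": f[5],
                      "dport": int(m.group(1)) if m else None,
                      "spec": " ".join(f[2:])})  # whole rule minus the counters
    return rules

def missing_services(rules, guest_if, required=REQUIRED):
    """Names of required services with no explicit ACCEPT on guest_if (or '*').
    Conservative: only rules with a single dpt:<port> match are counted."""
    opened = {(r["prot"], r["dport"]) for r in rules
              if r["target"] == "ACCEPT" and r["in"] in (guest_if, "*")}
    return sorted(n for n, key in required.items() if key not in opened)

def duplicate_rules(rules):
    """Count rules that repeat an earlier one, ignoring packet/byte counters."""
    return sum(c - 1 for c in Counter(r["spec"] for r in rules).values())

if __name__ == "__main__":
    rules = parse_rules(SAMPLE)
    print("policy:", input_policy(SAMPLE))
    print("missing on eth0:", missing_services(rules, "eth0"))  # eth0: assumed guest NIC
    print("duplicate rules:", duplicate_rules(rules))
```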