[ https://issues.apache.org/jira/browse/CLOUDSTACK-8881?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14906254#comment-14906254 ]

Jayapal Reddy commented on CLOUDSTACK-8881:
-------------------------------------------

1. This PR includes the changes for static nat and PF. 
2. For LB there is no firewall rules configuration in VR. It can be taken as a 
separate task/ticket.
3. For egress rules there is PR#881

> [Blocker] PF, static nat, LB, egress rules not working in case of isolated 
> networks
> --------------------------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-8881
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-8881
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public (Anyone can view this level - this is the default.)
>    Affects Versions: 4.6.0
>            Reporter: Raja Pullela
>            Assignee: Wilder Rodrigues
>            Priority: Blocker
>             Fix For: 4.6.0
>
>
> BVTs are failing as - 
> integration.smoke.test_loadbalance.TestLoadBalance.test_01_create_lb_rule_src_nat
> integration.smoke.test_loadbalance.TestLoadBalance.test_02_create_lb_rule_non_nat
> integration.smoke.test_loadbalance.TestLoadBalance.test_assign_and_removal_lb
> integration.smoke.test_network.TestPortForwarding.test_01_port_fwd_on_src_nat
> integration.smoke.test_network.TestPortForwarding.test_02_port_fwd_on_non_src_nat
> integration.smoke.test_network.TestRouterRules.test_network_rules_acquired_public_ip_1_static_nat_rule
> integration.smoke.test_network.TestRouterRules.test_network_rules_acquired_public_ip_2_nat_rule
> integration.smoke.test_network.TestRouterRules.test_network_rules_acquired_public_ip_3_Load_Balancer_Rule
> integration.smoke.test_network.TestRebootRouter.test_reboot_router
> Repro steps:
> 1. Create an advanced zone setup
> 2. Create a VM in isolated network
> 3. Add PF rules, LB rules, static nat rules, firewall rules, egress rules to 
> the network
> (I added the rules for port 22 and on different public IPs by acquiring IPs)
> Bug: 
> None of the rules work
> Router's iptables shows the following entries
> Chain INPUT (policy DROP 1330 packets, 79806 bytes)
> pkts bytes target prot opt in out source destination
> 1616 116814 NETWORK_STATS all -- * * 0.0.0.0/0 0.0.0.0/0
> 0 0 ACCEPT all -- * * 0.0.0.0/0 224.0.0.18
> 0 0 ACCEPT all -- * * 0.0.0.0/0 225.0.0.50
> 0 0 ACCEPT all -- eth2 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
> 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
> 4 730 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
> 255 34874 ACCEPT tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:3922 state NEW,ESTABLISHED
> 0 0 ACCEPT all -- * * 0.0.0.0/0 224.0.0.18
> 0 0 ACCEPT all -- * * 0.0.0.0/0 225.0.0.50
> 0 0 ACCEPT all -- eth2 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
> 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
> 0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
> 0 0 ACCEPT tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:3922 state NEW,ESTABLISHED
> 0 0 ACCEPT all -- * * 0.0.0.0/0 224.0.0.18
> 0 0 ACCEPT all -- * * 0.0.0.0/0 225.0.0.50
> 0 0 ACCEPT all -- eth2 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
> 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
> 0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
> 0 0 ACCEPT tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:3922 state NEW,ESTABLISHED



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
