[ https://issues.apache.org/jira/browse/CLOUDSTACK-9941?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
samhith vasikarla updated CLOUDSTACK-9941: ------------------------------------------ Summary: Port forwarding rules are not persistent when we reboot VR from outside Cloudstack (was: The port forwarding rules on the virtual router are not persist when we do reboot from outside from the cloudstack management server) > Port forwarding rules are not persistent when we reboot VR from outside > Cloudstack > ----------------------------------------------------------------------------------- > > Key: CLOUDSTACK-9941 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9941 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) > Affects Versions: 4.10.0.0 > Reporter: samhith vasikarla > Fix For: 4.10.0.0 > > Attachments: log.txt > > > 1. Create a network say N1 with Network offering "Conserve Mode Enabled and > all other services with Virtual Router" > 2. Create an instance with N1 > 3. After successful creation of instance, Navigate to Network and add port > forwarding rules . > 4.After successful addition of port forwarding rules .Login to the router and > type iptables -t nat -L we will find the port forwarding rules > root@r-22-VM:~# iptables -t nat -L > Chain PREROUTING (policy ACCEPT) > target prot opt source destination > DNAT tcp -- anywhere 10.147.30.184 tcp dpt:ssh > to:10.1.1.114:22 > DNAT tcp -- anywhere 10.147.30.184 tcp dpt:ssh > to:10.1.1.114:22 > MARK tcp -- anywhere 10.147.30.184 tcp dpt:ssh > MARK set 0x2 > CONNMARK tcp -- anywhere 10.147.30.184 tcp dpt:ssh > state NEW CONNMARK save > Chain INPUT (policy ACCEPT) > target prot opt source destination > Chain OUTPUT (policy ACCEPT) > target prot opt source destination > DNAT tcp -- anywhere 10.147.30.184 tcp dpt:ssh > to:10.1.1.114:22 > Chain POSTROUTING (policy ACCEPT) > target prot opt source destination > SNAT all -- anywhere anywhere to:10.147.30.184 > SNAT tcp -- 10.1.1.0/24 conserve tcp dpt:ssh > to:10.1.1.1 > 5. Reboot the router from outside of the management server > 6.Again type iptables -t nat -L and check whether the rules are persistent . > Observation : > Post reboot from outside of cloudstack , PF rules are not present on the > iptables of VR. > In database the pf rules are present > mysql> select * from port_forwarding_rules\G; > *************************** 1. row *************************** > id: 46 > instance_id: 23 > dest_ip_address: 10.1.1.114 > dest_port_start: 22 > dest_port_end: 22 > 1 row in set (0.00 sec) > ***************************************************************** > In forwarding rules.json the rules are present > { > "10.147.30.184": [ > { > "internal_ip": "10.1.1.114", > "internal_ports": "22:22", > "protocol": "tcp", > "public_ip": "10.147.30.184", > "public_ports": "22:22", > "type": "forward" > } > ], > "id": "forwardingrules" > } > ****************************************************************** > But in iptables the rules are not present > Chain PREROUTING (policy ACCEPT) > target prot opt source destination > Chain INPUT (policy ACCEPT) > target prot opt source destination > Chain OUTPUT (policy ACCEPT) > target prot opt source destination > Chain POSTROUTING (policy ACCEPT) > target prot opt source destination > ******************************************************************** > In the above one we cannot ssh to the virtual machine > ssh root@10.147.30.184 > ssh: connect to host 10.147.30.184 port 22: Connection refused > Note : When the vr is rebooted from cloudstack , all the rules are again > fetched. > -- This message was sent by Atlassian JIRA (v6.3.15#6346)