[ 
https://issues.apache.org/jira/browse/CLOUDSTACK-9941?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

samhith vasikarla updated CLOUDSTACK-9941:
------------------------------------------
    Summary: Port forwarding rules are not persistent when we reboot VR from 
outside Cloudstack   (was: The port forwarding rules on the virtual router are 
not persist when we do reboot from outside from the cloudstack management 
server)

> Port forwarding rules are not persistent when we reboot VR from outside 
> Cloudstack 
> -----------------------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-9941
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9941
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the 
> default.) 
>    Affects Versions: 4.10.0.0
>            Reporter: samhith vasikarla
>             Fix For: 4.10.0.0
>
>         Attachments: log.txt
>
>
> 1. Create a network say N1 with Network offering "Conserve Mode Enabled and 
> all other services with Virtual Router"
> 2. Create an instance with N1
> 3. After successful creation of instance, navigate to Network and add port 
> forwarding rules.
> 4. After successful addition of port forwarding rules, log in to the router and 
> type iptables -t nat -L; we will find the port forwarding rules
> root@r-22-VM:~# iptables -t nat -L
> Chain PREROUTING (policy ACCEPT)
> target     prot opt source               destination
> DNAT       tcp  --  anywhere             10.147.30.184        tcp dpt:ssh 
> to:10.1.1.114:22
> DNAT       tcp  --  anywhere             10.147.30.184        tcp dpt:ssh 
> to:10.1.1.114:22
> MARK       tcp  --  anywhere             10.147.30.184        tcp dpt:ssh 
> MARK set 0x2
> CONNMARK   tcp  --  anywhere             10.147.30.184        tcp dpt:ssh 
> state NEW CONNMARK save
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
> DNAT       tcp  --  anywhere             10.147.30.184        tcp dpt:ssh 
> to:10.1.1.114:22
> Chain POSTROUTING (policy ACCEPT)
> target     prot opt source               destination
> SNAT       all  --  anywhere             anywhere             to:10.147.30.184
> SNAT       tcp  --  10.1.1.0/24          conserve             tcp dpt:ssh 
> to:10.1.1.1
> 5. Reboot the router from outside of the management server.
> 6. Again type iptables -t nat -L and check whether the rules are persistent.
> Observation:
> Post reboot from outside of CloudStack, PF rules are not present in the 
> iptables of the VR.
> In the database the PF rules are present
> mysql> select * from port_forwarding_rules\G;
> *************************** 1. row ***************************
>              id: 46
>     instance_id: 23
> dest_ip_address: 10.1.1.114
> dest_port_start: 22
>   dest_port_end: 22
> 1 row in set (0.00 sec)
> *****************************************************************
> In forwarding rules.json the rules are present
> {
>     "10.147.30.184": [
>         {
>             "internal_ip": "10.1.1.114",
>             "internal_ports": "22:22",
>             "protocol": "tcp",
>             "public_ip": "10.147.30.184",
>             "public_ports": "22:22",
>             "type": "forward"
>         }
>     ],
>     "id": "forwardingrules"
> }
> ******************************************************************
> But in iptables the rules are not present 
> Chain PREROUTING (policy ACCEPT)
> target     prot opt source               destination
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
> Chain POSTROUTING (policy ACCEPT)
> target     prot opt source               destination
> ********************************************************************
> In the above one we cannot ssh to the virtual machine
> ssh root@10.147.30.184
> ssh: connect to host 10.147.30.184 port 22: Connection refused
> Note: When the VR is rebooted from CloudStack, all the rules are again 
> fetched.
>  



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
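
The drift described in the report (rules present in the forwarding-rules JSON, absent from the nat table) can be checked mechanically. The following is an added example, not code from the report or from CloudStack: the function names are hypothetical, and it assumes the nat table is dumped with `iptables -t nat -S` rather than the `-L` form shown above; the sample rule lines are constructed.

```python
import json
import shlex

# Constructed sample: the forwarding-rules JSON quoted in the report.
RULES_JSON = '''{"10.147.30.184": [{"internal_ip": "10.1.1.114",
  "internal_ports": "22:22", "protocol": "tcp", "public_ip": "10.147.30.184",
  "public_ports": "22:22", "type": "forward"}], "id": "forwardingrules"}'''

# Constructed `iptables -t nat -S` output before and after the external reboot.
NAT_BEFORE = """-P PREROUTING ACCEPT
-A PREROUTING -d 10.147.30.184/32 -p tcp -m tcp --dport 22 -j DNAT --to-destination 10.1.1.114:22
-A POSTROUTING -j SNAT --to-source 10.147.30.184"""
NAT_AFTER = """-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT"""

def _ports(spec, sep):
    # "22:22" -> "22"; "8000:8010" -> "8000" + sep + "8010"
    lo, _, hi = spec.partition(":")
    return lo if hi in ("", lo) else lo + sep + hi

def expected_dnat(rules_json):
    """Return (proto, public_ip, dport, 'internal_ip:port') per 'forward' entry."""
    want = set()
    for key, entries in json.loads(rules_json).items():
        if key == "id" or not isinstance(entries, list):
            continue
        for e in entries:
            if e.get("type") == "forward":
                want.add((e["protocol"], e["public_ip"], _ports(e["public_ports"], ":"),
                          e["internal_ip"] + ":" + _ports(e["internal_ports"], "-")))
    return want

def installed_dnat(nat_rules):
    """Return the same tuples for DNAT rules found in the PREROUTING chain."""
    have = set()
    for line in nat_rules.splitlines():
        tok = shlex.split(line)
        if tok[:2] != ["-A", "PREROUTING"] or "DNAT" not in tok:
            continue
        opt = {tok[i]: tok[i + 1] for i in range(len(tok) - 1) if tok[i].startswith("-")}
        have.add((opt.get("-p"), opt.get("-d", "").split("/")[0],
                  opt.get("--dport"), opt.get("--to-destination")))
    return have

def missing_rules(rules_json, nat_rules):
    """Rules the JSON expects that the running nat table does not contain."""
    return sorted(expected_dnat(rules_json) - installed_dnat(nat_rules))
```

A non-empty result from `missing_rules` after a reboot is the condition the report observes: the configuration still lists the forward, but the router no longer enforces it.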
