Slair1 commented on issue #2680: Using Source NAT option on Private Gateway does not work
URL: https://github.com/apache/cloudstack/issues/2680#issuecomment-396407405

@rhtyd /cc @ustcweizhou

I think you're right @rhtyd, it isn't obvious, but when a guest VM attempts to communicate with another guest VM's public IP, the packet flows into iptables and then hairpins back out. Without the SNAT in place, the reply from the destination VM would go straight to the source VM, which breaks any stateful protocol such as TCP, since the source IP in the reply packet will be the private IP of the original destination VM while the original source VM is expecting the source IP to be the public IP... If that makes sense... if not, let me know and I can explain more.

I'll take a look and update the code some!
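The hairpin flow described in the comment above, modelled as an added illustration that is not part of the original comment or of CloudStack's code. All addresses are constructed, and it assumes both guest VMs share one subnet behind the same router, so a reply addressed to the source VM never passes back through the router.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "src dst")

# Constructed addresses for illustration (not taken from the issue).
VM_A = "10.1.1.10"         # source guest VM
VM_B = "10.1.1.20"         # destination guest VM (private IP)
ROUTER = "10.1.1.1"        # router's address on the guest network
B_PUBLIC = "203.0.113.20"  # public IP that is DNATed to VM_B


def router_forward(pkt, hairpin_snat, conntrack):
    """Apply DNAT (and optionally SNAT), recording how to undo it."""
    out = Packet(pkt.src, VM_B) if pkt.dst == B_PUBLIC else pkt
    if hairpin_snat:
        out = Packet(ROUTER, out.dst)
    # Key: the reply tuple the router expects; value: the un-NATed reply.
    conntrack[Packet(out.dst, out.src)] = Packet(pkt.dst, pkt.src)
    return out


def reply_seen_by_source(hairpin_snat):
    """Return the reply packet as it arrives at VM_A."""
    conntrack = {}
    request = Packet(VM_A, B_PUBLIC)
    at_b = router_forward(request, hairpin_snat, conntrack)
    reply = Packet(VM_B, at_b.src)  # B answers whoever it saw as the source
    if reply.dst == ROUTER:
        # Reply returns through the router, which reverses both translations.
        reply = conntrack[reply]
    # Otherwise B delivers directly to A on the shared subnet, un-translated.
    return reply


def source_accepts(reply):
    """VM_A's TCP stack only matches a reply from the IP it connected to."""
    return reply == Packet(B_PUBLIC, VM_A)


if __name__ == "__main__":
    for snat in (False, True):
        r = reply_seen_by_source(snat)
        print(f"hairpin SNAT={snat}: reply {r.src} -> {r.dst}, "
              f"accepted={source_accepts(r)}")
```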
