weizhouapache commented on issue #3937: VR Port Forward rule check on Non-VPC Isolated networks
URL: https://github.com/apache/cloudstack/pull/3937#issuecomment-595459008
 
 
   Checked the network VR and the VPC VR and found the difference below.
   
   1. network VR
   ```
   root@r-753-VM:~# iptables-save |grep POST
   -A POSTROUTING -s 192.168.10.0/24 -d 192.168.10.251/32 -o eth0 -p tcp -m tcp --dport 22 -j SNAT --to-source 192.168.10.141
   ```
   
   2. VPC VR
   ```
   root@r-1074-VM:~# iptables-save |grep POST
   -A POSTROUTING -d 10.11.118.150/32 -p tcp -m tcp --dport 22 -j SNAT --to-source 192.168.0.12:22
   -A POSTROUTING -s 192.168.0.0/27 -d 192.168.0.12/32 -o eth2 -p tcp -m tcp --dport 22 -j SNAT --to-source 192.168.0.3
   ```
   
   
   3. The first rule in the VPC VR seems wrong.
   Everything seems OK even if I remove it in the VPC VR.
   
   ```
   root@r-1074-VM:~# iptables -t nat -D POSTROUTING -d 10.11.118.150/32 -p tcp -m tcp --dport 22 -j SNAT --to-source 192.168.0.12:22
   ```
   
   @rhtyd @DaanHoogland @Pearl1594 I will create a PR to remove the rule in the VPC VR. What do you think?
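Added example, not part of the original comment or of CloudStack's code: a small parser that reduces the quoted `iptables-save` lines to their match fields so the two routers can be compared structurally. Treating a SNAT rule with neither `-s` nor `-o` as worth reviewing is an assumption made for this illustration, and `snat_rules`, `unscoped` and `shape` are hypothetical helper names.

```python
import shlex

# Constructed input: the POSTROUTING lines quoted in the comment, unwrapped.
NETWORK_VR = """\
-A POSTROUTING -s 192.168.10.0/24 -d 192.168.10.251/32 -o eth0 -p tcp -m tcp --dport 22 -j SNAT --to-source 192.168.10.141
"""
VPC_VR = """\
-A POSTROUTING -d 10.11.118.150/32 -p tcp -m tcp --dport 22 -j SNAT --to-source 192.168.0.12:22
-A POSTROUTING -s 192.168.0.0/27 -d 192.168.0.12/32 -o eth2 -p tcp -m tcp --dport 22 -j SNAT --to-source 192.168.0.3
"""

# iptables option -> field name used in the parsed rule
FIELDS = {"-s": "src", "-d": "dst", "-o": "out_if", "--dport": "dport",
          "-j": "target", "--to-source": "to_source"}

def snat_rules(dump):
    """Return one dict per '-A POSTROUTING ... -j SNAT' line of iptables-save output."""
    rules = []
    for line in dump.splitlines():
        tok = shlex.split(line)
        if tok[:2] != ["-A", "POSTROUTING"]:
            continue
        rule = {name: None for name in FIELDS.values()}
        for opt, value in zip(tok, tok[1:]):
            if opt in FIELDS:
                rule[FIELDS[opt]] = value
        if rule["target"] == "SNAT":
            rule["raw"] = line.strip()
            rules.append(rule)
    return rules

def unscoped(rules):
    """SNAT rules that match on neither source (-s) nor outgoing interface (-o)."""
    return [r for r in rules if r["src"] is None and r["out_if"] is None]

def shape(rule):
    """Names of the match fields a rule uses, independent of the addresses in it."""
    return tuple(k for k in ("src", "dst", "out_if", "dport") if rule[k])

if __name__ == "__main__":
    for name, dump in (("network VR", NETWORK_VR), ("VPC VR", VPC_VR)):
        for r in snat_rules(dump):
            flag = "REVIEW" if r in unscoped([r]) else "ok"
            print(f"{name:10} {flag:6} {shape(r)} -> {r['to_source']}")
```

On the quoted rules, only the VPC VR rule for `10.11.118.150/32` is flagged; the remaining VPC VR rule has the same shape as the network VR rule.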
   
