weizhouapache commented on a change in pull request #4236:
URL: https://github.com/apache/cloudstack/pull/4236#discussion_r492845742
##########
File path: systemvm/debian/opt/cloud/bin/configure.py
##########
@@ -964,6 +964,9 @@ def processStaticNatRule(self, rule):
self.fw.append(["mangle", "front",
"-A PREROUTING -d %s/32 -m state --state NEW -j MARK
--set-xmark %s/0xffffffff" %
(rule["public_ip"], hex(100 +
int(device[len("eth"):])))])
+ self.fw.append(["mangle", "front",
+ "-A PREROUTING -s %s/32 -m state --state NEW -i eth0
-j MARK --set-xmark %s/0xffffffff" %
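Review bot: The added PREROUTING rule hard-codes the ingress interface as `-i eth0`, while the rule directly above it computes its mark from `device` (`int(device[len("eth"):])`), so the interface is treated as variable elsewhere in this function. Consider deriving the guest interface from the rule or network data instead of using the literal, and add a short comment explaining why the `-i` match is required. The format arguments of the added call are cut off in this hunk, so the address that feeds `-s %s/32` and the mark value cannot be checked from the visible lines.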
Review comment:
@havengit @div8cn
I have tested this pr. The issue described in #3604 is not back.
However in this rule, it should not be "eth0".
For isolated network, the guest nic is eth0. But for vpc, eth0 is nic for
link local ip.
```
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 0e:00:a9:fe:65:77 brd ff:ff:ff:ff:ff:ff
    inet 169.254.101.119/16 brd 169.254.255.255 scope global eth0
       valid_lft forever preferred_lft forever
```
So in my point of view, this pr fixes the issue in isolated networks, but
does not fix the issue in vpc. Could you please confirm? @havengit @div8cn
I have tested this pr but without "-i eth0", then issue #3604 is back.