I reacall this was fine in clean 4.4.0 or 4.4.1/2....cant remember any more...
but anyone willing to share their VR output, as I asked, will I guess help us greatly... On 18 March 2015 at 12:28, Erik Weber <terbol...@gmail.com> wrote: > Has anyone checked if this is present in 4.5? If so we should aim to have a > fix available with 4.5.1 > > -- > Erik > > On Wed, Mar 18, 2015 at 10:47 AM, Paul Shadwell <shadw...@me.com> wrote: > > > I also have this problem, it effects running vPBX/VoIP services behind a > > VR. > > > > In fact any service that requires a view on incoming IPs and domain > names. > > > > For example fail2ban will block ALL access to ssh because it only ever > > sees the VR IP address. > > > > Upgrading to 4.3.2 did not fix it. > > > > This needs fixing urgently. > > > > Best regards > > > > Paul > > > > > > > > > On 17 Mar 2015, at 14:01, Andrija Panic <andrija.pa...@gmail.com> > wrote: > > > > > > Hi, > > > > > > is anybody willing to share the result from the folowing command, run > in > > VR > > > (VPC VR): > > > > > > iptables -t nat -nvL > > > > > > This should preferable be run from SSH-to-VR, instead of > > > ConsoleProxy-to-VR, because of nice output over SSH. > > > > > > > > > It seems in 4.3.0 and 4.3.2, SNAT is done on ALL incoming connections, > no > > > matter to WHAT IP the traffic from internet came - primary IP, or > > > additional one that is used for i.e. Static NAT - so SNAT rules always > > > replace remote cleint IP with MAIN IP of the VPC... > > > > > > Please share your examples - this is serious bug in my opinion, and I > wil > > > raise JIRA - but would like some examples from other guys first. > > > > > > THanks, > > > > > > -- > > > > > > Andrija Panić > > > > > -- Andrija Panić
