It seems fine also in a 4.3.0 VPC (KVM) I run. -- Sent from the Delta quadrant using Borg technology!
Nux! www.nux.ro ----- Original Message ----- > From: "Andrija Panic" <[email protected]> > To: [email protected] > Cc: "Rohit Yadav" <[email protected]> > Sent: Wednesday, 18 March, 2015 11:29:54 > Subject: Re: SNAT and remote IP problem > I reacall this was fine in clean 4.4.0 or 4.4.1/2....cant remember any > more... > > but anyone willing to share their VR output, as I asked, will I guess help > us greatly... > > On 18 March 2015 at 12:28, Erik Weber <[email protected]> wrote: > >> Has anyone checked if this is present in 4.5? If so we should aim to have a >> fix available with 4.5.1 >> >> -- >> Erik >> >> On Wed, Mar 18, 2015 at 10:47 AM, Paul Shadwell <[email protected]> wrote: >> >> > I also have this problem, it effects running vPBX/VoIP services behind a >> > VR. >> > >> > In fact any service that requires a view on incoming IPs and domain >> names. >> > >> > For example fail2ban will block ALL access to ssh because it only ever >> > sees the VR IP address. >> > >> > Upgrading to 4.3.2 did not fix it. >> > >> > This needs fixing urgently. >> > >> > Best regards >> > >> > Paul >> > >> > >> > >> > > On 17 Mar 2015, at 14:01, Andrija Panic <[email protected]> >> wrote: >> > > >> > > Hi, >> > > >> > > is anybody willing to share the result from the folowing command, run >> in >> > VR >> > > (VPC VR): >> > > >> > > iptables -t nat -nvL >> > > >> > > This should preferable be run from SSH-to-VR, instead of >> > > ConsoleProxy-to-VR, because of nice output over SSH. >> > > >> > > >> > > It seems in 4.3.0 and 4.3.2, SNAT is done on ALL incoming connections, >> no >> > > matter to WHAT IP the traffic from internet came - primary IP, or >> > > additional one that is used for i.e. Static NAT - so SNAT rules always >> > > replace remote cleint IP with MAIN IP of the VPC... >> > > >> > > Please share your examples - this is serious bug in my opinion, and I >> wil >> > > raise JIRA - but would like some examples from other guys first. >> > > >> > > THanks, >> > > >> > > -- >> > > >> > > Andrija Panić >> > >> > >> > > > > -- > > Andrija Panić
