We managed once to get it working, after doing PF, DNAT, rebooting VR/VPC and mixing all this together in no particular order.... it started working at some point, but with new VPC deployed again - again doesn't work - have no idea what the heck is happening... :(

On 19 March 2015 at 17:35, Nux! <n...@li.nux.ro> wrote:

> It seems fine also in a 4.3.0 VPC (KVM) I run.
>
> --
> Sent from the Delta quadrant using Borg technology!
>
> Nux!
> www.nux.ro
>
> ----- Original Message -----
> > From: "Andrija Panic" <andrija.pa...@gmail.com>
> > To: dev@cloudstack.apache.org
> > Cc: "Rohit Yadav" <rohit.ya...@shapeblue.com>
> > Sent: Wednesday, 18 March, 2015 11:29:54
> > Subject: Re: SNAT and remote IP problem
>
> > I recall this was fine in clean 4.4.0 or 4.4.1/2....can't remember any
> > more...
> >
> > but anyone willing to share their VR output, as I asked, will I guess help
> > us greatly...
> >
> > On 18 March 2015 at 12:28, Erik Weber <terbol...@gmail.com> wrote:
> >
> >> Has anyone checked if this is present in 4.5? If so we should aim to have a
> >> fix available with 4.5.1
> >>
> >> --
> >> Erik
> >>
> >> On Wed, Mar 18, 2015 at 10:47 AM, Paul Shadwell <shadw...@me.com> wrote:
> >>
> >> > I also have this problem, it affects running vPBX/VoIP services behind a
> >> > VR.
> >> >
> >> > In fact any service that requires a view on incoming IPs and domain names.
> >> >
> >> > For example fail2ban will block ALL access to ssh because it only ever
> >> > sees the VR IP address.
> >> >
> >> > Upgrading to 4.3.2 did not fix it.
> >> >
> >> > This needs fixing urgently.
> >> >
> >> > Best regards
> >> >
> >> > Paul
> >> >
> >> > > On 17 Mar 2015, at 14:01, Andrija Panic <andrija.pa...@gmail.com> wrote:
> >> > >
> >> > > Hi,
> >> > >
> >> > > is anybody willing to share the result from the following command, run in VR
> >> > > (VPC VR):
> >> > >
> >> > > iptables -t nat -nvL
> >> > >
> >> > > This should preferably be run from SSH-to-VR, instead of
> >> > > ConsoleProxy-to-VR, because of nice output over SSH.
> >> > >
> >> > > It seems in 4.3.0 and 4.3.2, SNAT is done on ALL incoming connections, no
> >> > > matter to WHAT IP the traffic from internet came - primary IP, or
> >> > > additional one that is used for i.e. Static NAT - so SNAT rules always
> >> > > replace remote client IP with MAIN IP of the VPC...
> >> > >
> >> > > Please share your examples - this is a serious bug in my opinion, and I will
> >> > > raise JIRA - but would like some examples from other guys first.
> >> > >
> >> > > Thanks,
> >> > >
> >> > > --
> >> > >
> >> > > Andrija Panić
> >
> > --
> >
> > Andrija Panić

--

Andrija Panić
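
A check for the rule shape discussed in this thread, as an added example that is not from any poster or from CloudStack: it reads `iptables -t nat -nvL` output and lists POSTROUTING source-NAT rules that match any source address on the guest-facing interface (or on every interface), which is the kind of rule that hides the remote client address from services such as fail2ban. The interface name `eth2`, the function names and the sample table are constructed assumptions; the thread does not show the VR's actual rules.

```shell
#!/bin/sh
# Added example. On a router: iptables -t nat -nvL | find_broad_snat <guest-if>
# Column layout of `iptables -nvL`:
#   pkts bytes target prot opt in out source destination [extra...]

# find_broad_snat GUEST_IF
# Prints one line per SNAT/MASQUERADE rule in POSTROUTING that matches
# source 0.0.0.0/0 and leaves via GUEST_IF or via any interface ("*").
# Such a rule rewrites the source of connections forwarded to guests.
find_broad_snat() {
    guest_if="$1"   # assumption: caller knows the guest-side interface
    awk -v gif="$guest_if" '
        /^Chain / { chain = $2; next }      # track the current chain
        $1 == "pkts" || NF == 0 { next }    # skip header and blank lines
        chain == "POSTROUTING" && ($3 == "SNAT" || $3 == "MASQUERADE") {
            out = $7; src = $8
            if (src == "0.0.0.0/0" && (out == "*" || out == gif)) {
                to = "-"                    # MASQUERADE has no to: field
                for (i = 10; i <= NF; i++)
                    if ($i ~ /^to:/) to = substr($i, 4)
                printf "%s out=%s src=%s to=%s\n", $3, out, src, to
            }
        }
    '
}

# Constructed sample output (documentation addresses, not from the thread).
# Rule 1 in POSTROUTING is ordinary outbound SNAT for the guest subnet.
# Rule 2 rewrites every source heading into the guest network.
sample_nat_table() {
cat <<'EOF'
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    5   300 DNAT       all  --  eth1   *       0.0.0.0/0            203.0.113.11         to:10.1.1.20

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
   40  2400 SNAT       all  --  *      eth1    10.1.1.0/24          0.0.0.0/0            to:203.0.113.10
    5   300 SNAT       all  --  *      eth2    0.0.0.0/0            0.0.0.0/0            to:203.0.113.10
EOF
}

sample_nat_table | find_broad_snat eth2
```

A non-zero packet counter on a flagged rule shows it is actually being hit by forwarded traffic.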