Thanks Daan, ok.

But we really need to fix this for good - it completely breaks VPC
functionality on user side - I will try to have this fixed with my team.

It's really interesting I'm having this problem across different releases
(4.3.x, 4.4, 4.5) but i.e. I asked Lucian for help, he provided me with
iptables rules from his VR, there was no problem in his installation
(advanced zone/vlan).
Also I'm not aware if other people have this problem or not...

Thx

On 14 May 2015 at 14:26, Daan Hoogland <daan.hoogl...@gmail.com> wrote:

> Andrija, Marcus, Keep in mind that the vpc configuration scripts changed
> drastically in 4.6/master. The ms-called scripts are replaced by a json
> representation of the configuration that is processed on the VR. Any fix to
> the present set of scripts will be short lived.
>
> On Thu 14 May 2015 at 06:01, Marcus <shadow...@gmail.com> wrote:
>
> > This could be a good opportunity to get your hands dirty and submit a
> > patch! These iptables rules are managed by a handful of shell scripts.
> > There are some specific to VPC if I remember correctly, in /opt/cloud/bin
> > on the virtual router. You can get a history of what script was run and
> > with which parameters either in /var/log/cloud.out on the router or debug
> > logs on the agent where the router runs.
> > On May 13, 2015 2:57 PM, "Somesh Naidu" <somesh.na...@citrix.com> wrote:
> >
> > > I believe the default network offering for Isolated Network
> > > (DefaultIsolatedNetworkOfferingWithSourceNatService) does the same. So I
> > > guess that may not be the problem.
> > >
> > > Regards,
> > > Somesh
> > >
> > > -----Original Message-----
> > > From: Andrija Panic [mailto:andrija.pa...@gmail.com]
> > > Sent: Wednesday, May 13, 2015 12:14 PM
> > > To: dev@cloudstack.apache.org
> > > Subject: Re: Bug resolve for 4.5.2
> > >
> > > Is this maybe happening because I'm using all of the services on a single
> > > Network offering: StaticNat, NetworkACL, PortForwarding, UserData, Vpn,
> > > SourceNat, Dns, Lb, Dhcp?
> > > Maybe because of the design with some of the services?
> > >
> > > Maybe I shouldn't use all stuff - although it doesn't make sense to me...
> > >
> > > On 12 May 2015 at 16:46, Andrija Panic <andrija.pa...@gmail.com> wrote:
> > >
> > > > Hi Erik,
> > > >
> > > > Thanks for getting back to me.
> > > >
> > > > I have commented on the issue and provided an example from a brand new ACS
> > > > installation, and new VPC, 1 network, 1 VM.
> > > >
> > > > http://secure-web.cisco.com/1WU4eQfmrJcfhnrBedw7AyAJbKlVUQJ5VhSpUxxbUMahg8oXbGqUkLA33un89ck8JZJHs78G4VumAGMsOQokXJ5RK2_C1-omDL66nAwlgG_yoJCZQeR79XNTfU-ql5XbKf2H05s7s4AvWrJ8ZId2r8sE7sqyx2ls3eI4vgRQgET6fU_cPtUbtUth_vZTSVzhCoq8agNngtqqw9uXXKzMXCQ/http%3A%2F%2Fpastebin.com%2FihjiDZ9h
> > > > - iptables-save from inside VR on pastebin -
> > > > this is brand new VPC (1 network, 1 VM in network) on 4.4.3 release.
> > > > http://snag.gy/V949g.jpg - ACS setup and "proof" :
> > > > XXX.39.228.155 - main VPC IP
> > > > XXX.39.228.156 - additional IP, configured Static NAT to private VM
> > > > 10.10.10.10
> > > > Connected to XXX.39.228.156:22 - and done "netstat -antup | grep 22" -
> > > > remote connection seems to come from XXX.39.228.155 - main VPC IP.
> > > > This is ACS 4.4.3, Advanced Zone, KVM.
> > > >
> > > >
> > > > Thanks
> > > >
> > > > On 12 May 2015 at 14:43, Erik Weber <terbol...@gmail.com> wrote:
> > > >
> > > >> On Tue, May 12, 2015 at 2:31 PM, Andrija Panic <andrija.pa...@gmail.com>
> > > >> wrote:
> > > >>
> > > >> > Hi dev team,
> > > >> >
> > > >> > I was wondering who would be willing to help with:
> > > >> > https://issues.apache.org/jira/browse/CLOUDSTACK-8451
> > > >> >
> > > >> > remote IP not seen in VM behind VPC...
> > > >> >
> > > >>
> > > >> Could you get the relevant iptables rule with 'iptables-save'? Obfuscate
> > > >> addresses etc. if you feel like it
> > > >>
> > > >> --
> > > >> Erik
> > > >>
> > > >
> > > >
> > > >
> > > > --
> > > >
> > > > Andrija Panić
> > > >
> > >
> > >
> > >
> > > --
> > >
> > > Andrija Panić
> > >
> >
>



-- 

Andrija Panić
