@rhtyd maybe this helps.
It looks like routing goes in such a way that packets do not go through the SNAT rule
on the VR, which leads to this situation:
if two VMs are in one TIER and vm1 wants to connect to vm2 through the PUBLIC IP, it
should look like:
vm1 internal ip -> VR SNAT -> VR DNAT -> vm2 internal ip
**now on vm2 I can see packets from vm1, but** the source IP is set to the vm1 internal
IP (not VR SNAT)

So if I try telnet from vm1 to VR publicIP:80 (which is forwarded to vm2:80),
on vm2 I can see packets on port 80, but these packets are from the vm1 internal
IP. Next, **I can even see replies from vm2 on vm1**, but because these replies
are coming from vm2 directly to the vm1 internal IP and not from the VR (as it should
be), the connection is in fact not established.


[ Full content available at: https://github.com/apache/cloudstack/pull/2514 ]
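
A minimal model of the packet path described in the comment above, added here as an illustration (not code from the pull request or from CloudStack). All addresses and the `hairpin_connect` function are constructed for the example, and it assumes vm1 and vm2 share one subnet with the VR as their gateway.

```python
from ipaddress import ip_address, ip_network

# Constructed sample addresses (not from the original comment).
TIER = ip_network("10.1.1.0/24")
VM1, VM2 = ip_address("10.1.1.10"), ip_address("10.1.1.20")
VR_TIER_IP = ip_address("10.1.1.1")       # VR address inside the tier
VR_PUBLIC_IP = ip_address("203.0.113.5")  # public IP, port 80 forwarded to vm2


def hairpin_connect(snat_on_vr: bool, sport: int = 40000, dport: int = 80) -> dict:
    """Trace a SYN from vm1 to VR_PUBLIC_IP:dport and the SYN-ACK coming back."""
    # vm1's socket only accepts a reply from the address it dialled.
    expected_reply_src = (VR_PUBLIC_IP, dport)

    # VR: DNAT public IP -> vm2; optionally SNAT the source to the VR tier IP.
    syn_src = VR_TIER_IP if snat_on_vr else VM1
    syn = {"src": (syn_src, sport), "dst": (VM2, dport)}

    # vm2 answers whatever source address it saw on the SYN.
    reply_dst = syn["src"][0]
    # A same-subnet destination other than the VR is delivered on-link,
    # so the reply never passes through the VR's connection tracking.
    via_vr = reply_dst == VR_TIER_IP or reply_dst not in TIER

    if via_vr:
        # The VR reverses both translations before handing the reply to vm1.
        reply_src_seen_by_vm1 = (VR_PUBLIC_IP, dport)
    else:
        # Untranslated reply: vm1 sees vm2's internal IP as the source.
        reply_src_seen_by_vm1 = (VM2, dport)

    return {
        "src_seen_by_vm2": syn["src"][0],
        "reply_via_vr": via_vr,
        "reply_src_seen_by_vm1": reply_src_seen_by_vm1[0],
        "established": reply_src_seen_by_vm1 == expected_reply_src,
    }


if __name__ == "__main__":
    for snat in (False, True):
        print("SNAT on VR:", snat, hairpin_connect(snat))
```
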