@rhtyd maybe this helps. It looks like routing goes in such a way that packets do not go through the SNAT rule on the VR, which leads to this situation: if two VMs are in one tier and vm1 wants to connect to vm2 through the public IP, it should look like: vm1 internal ip -> VR SNAT -> VR DNAT -> vm2 internal ip. **Right now**, on vm2 I can see packets from vm1, **but** the source IP is set to **vm1 internal ip** (not VR SNAT).

So if I try telnet from vm1 to VR publicIP:80 (which is forwarded to vm2:80), on vm2 I can see packets on port 80, but these packets are from the vm1 internal ip (should be from VR SNAT). Next, **I can even see replies from vm2 on vm1**, but because these replies are coming from vm2 directly (to vm1's internal ip), the connection is in fact not established.

[ Full content available at: https://github.com/apache/cloudstack/pull/2514 ]
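The packet flow described in the comment above, modelled as an added example that is not part of the original comment or of CloudStack's code. All addresses, ports and function names are constructed assumptions; the model only tracks the address rewrites, with and without the SNAT step on the VR.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport")

# Constructed addresses (assumptions, not taken from the original comment).
VM1, VM2 = "10.1.1.11", "10.1.1.12"   # two VMs in the same tier
VR_TIER_IP = "10.1.1.1"               # VR's address inside the tier
PUBLIC_IP = "203.0.113.10"            # public IP with port 80 forwarded to vm2


def vr_forward(pkt, hairpin_snat, conntrack):
    """VR applies DNAT (public:80 -> vm2:80) and, optionally, SNAT to its tier IP."""
    out = pkt._replace(dst=VM2)
    if hairpin_snat:
        out = out._replace(src=VR_TIER_IP)
    # Remember how to undo the translation for reply packets.
    conntrack[(out.dst, out.dport, out.src, out.sport)] = pkt
    return out


def vr_reverse(reply, conntrack):
    """Undo NAT on a reply that actually passes through the VR."""
    orig = conntrack[(reply.src, reply.sport, reply.dst, reply.dport)]
    return Packet(orig.dst, orig.dport, orig.src, orig.sport)


def connect_via_public_ip(hairpin_snat):
    """Return (source seen by vm2, reply seen by vm1, whether vm1 accepts it)."""
    conntrack = {}
    syn = Packet(VM1, 40000, PUBLIC_IP, 80)
    at_vm2 = vr_forward(syn, hairpin_snat, conntrack)
    reply = Packet(at_vm2.dst, at_vm2.dport, at_vm2.src, at_vm2.sport)
    # A reply addressed to the VR goes back through it; a reply addressed to
    # vm1 stays on the shared tier subnet and never reaches the VR.
    if reply.dst == VR_TIER_IP:
        reply = vr_reverse(reply, conntrack)
    # vm1's socket only matches replies coming from the address it dialled.
    accepted = (reply.src, reply.sport) == (syn.dst, syn.dport)
    return at_vm2.src, reply, accepted


if __name__ == "__main__":
    for snat in (False, True):
        print("hairpin SNAT:", snat, connect_via_public_ip(snat))
```

Without the SNAT step vm1 receives a reply sourced from vm2's internal address, which does not match the public IP it dialled, so the TCP handshake never completes.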
