[jira] [Commented] (CLOUDSTACK-2219) SRX - Unable to ssh VM even when TCP port 22 rule set, able to ping VM even when no ICMP rule set

Jayapal Reddy (JIRA) Thu, 09 May 2013 21:57:17 -0700

    [ 
https://issues.apache.org/jira/browse/CLOUDSTACK-2219?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13653546#comment-13653546
 ]


Jayapal Reddy commented on CLOUDSTACK-2219:
-------------------------------------------

Please attach SRX configuration. Router iptables rules will not help much 
because router is not acting as firewall here .
>From SRX cli run 'show configuration | display set'  and attach the 
>configuration here.
                
> SRX - Unable to ssh VM even when TCP port 22 rule set, able to ping VM even 
> when no ICMP rule set
> -------------------------------------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-2219
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-2219
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the 
> default.) 
>          Components: Management Server
>    Affects Versions: 4.2.0
>         Environment: MS  ACS 4.2  build    4/24/13 7:48 PM     revision:  
> 299cccf779f75c3ba04d9ec7303bed88394c3562 
> host   XS  6.0.2  
>            Reporter: angeline shen
>            Assignee: Jayapal Reddy
>            Priority: Critical
>             Fix For: 4.2.0
>
>         Attachments: management-server.log.gz
>
>
> MS  ACS 4.2  build    4/24/13 7:48 PM     revision:  
> 299cccf779f75c3ba04d9ec7303bed88394c3562 
> host   XS  6.0.2  
> 1. SRX network offering :  isolated  DHCP: virtual router   DNS: virtual 
> router   firewall: SRX   userdata:virtual router   sourceNAT: SRX    
> staticNAT: SRX   portforward: SRX   sourceNAT type: perzone
> 2. domain:  ROOT    admin
>    domain:   /d1         domain admin:  d1domain  
>    domain:   /d2         user:     d2user
> 3.  login:  admin    create VMs,  allocate public IPs . 
>     for each IP,  set firewall rule    CIDR  0.0.0.0/0    TCP    startport: 1 
>  endport: 8090
>     set portforward rule   private port range: 22 - 22  public port range: 22 
> - 22   TCP   assign to VM  
>     from external (laptop)   test ping VMs   and ssh to VMs   
>     login:  d1domain    repeat above steps
>     login:  d2user        repeat above steps
>       login             VM              public IP             ping         
> comment   ssh         comment
>     
> -----------------------------------------------------------------------------------------------------------------------------
>    
>       admin          i-2-17        10.223.123.17        succeed    bug        
>    succeed    
>       admin          i-2-22        10.223.123.20        succeed    bug        
>    succeed    
>       d1domain     i-3-18        10.223.123.18        succeed    bug          
>  fail           bug
>       d1domain     i-3-19        10.223.123.19        succeed    bug          
>  fail           bug
>       d2user         i-4-20        10.223.123.12        succeed    bug        
>    fail           bug
>       d2user         i-4-21        10.223.123.14        succeed    bug        
>    fail           bug
>     

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Commented] (CLOUDSTACK-2219) SRX - Unable to ssh VM even when TCP port 22 rule set, able to ping VM even when no ICMP rule set

Reply via email to