[ https://issues.apache.org/jira/browse/CLOUDSTACK-2646?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Abhinandan Prateek updated CLOUDSTACK-2646:
-------------------------------------------
    Assignee: Jayapal Reddy

> When firewall and LB service providers are different, it should not allow both the rules on same public IP
> ----------------------------------------------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-2646
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-2646
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public (Anyone can view this level - this is the default.)
>          Components: Network Devices
>    Affects Versions: 4.2.0
>            Reporter: sadhu suresh
>            Assignee: Jayapal Reddy
>         Attachments: management-server.rar
>
>
> Fail to access VM when LB rules and port forwarding rules are configured on same IP
>
> Steps:
> 1. Create a shared network offering with SRX(sourcenat/pf/snat/firewall) as NS(lb) and with conserve mode on
> 2. Create a shared network using above network offering
> 3. Deploy few VMs using above network and acquire public IP
> 4. Create PF rule with ports 222,22 (public port 222 & private port 22), assign to guest VM & configure the firewall to allow all the IPs
> 5. SSH to the guest VM with port 23
> 6. On the same IP configure LB rule with port 22 22
> 7. Try to SSH to guest VM with port 222 again
>
> Actual result:
> Step 5:
> Able to access the guest VM 222
> Step 7:
> After configuring LB rule, unable to SSH to the guest VM with port 222 and it failed with connection refused because same IP is active at both providers (SRX & NetScaler)
>
> on SRX
>     rule destnatrule-1206020519 {
>         match {
>             destination-address 10.147.44.93/32;
>             destination-port 222;
>         }
>         then {
>             destination-nat pool 10-0-17-17-22;
>         }
>     }
> }
>
> Cloud-VirtualServer-10.147.44.93-22 (10.147.44.93:22) - TCP Type: ADDRESS
>     State: UP
>     Last state change was at Thu May 23 11:15:32 2013
>     Time since last state change: 0 days, 00:33:48.580
>     Effective State: UP
>     Client Idle Timeout: 9000 sec
>     Down state flush: ENABLED
>     Disable Primary Vserver On Down : DISABLED
>     Appflow logging: ENABLED
>     No. of Bound Services : 1 (Total) 1 (Active)
>     Configured Method: ROUNDROBIN
>     Mode: IP
>     Persistence: NONE
>     Connection Failover: DISABLED
>     L2Conn: OFF
>     Skip Persistency: None
>     IcmpResponse: PASSIVE
>     New Service Startup Request Rate: 0 PER_SECOND, Increment Interval: 0
>
> Expected result:
> When firewall and LB service providers are different, it should not allow both the rules on same public IP.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
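
The expected result in the report above, written out as a check (an added example, not part of the original message and not CloudStack code): a rule is refused when the public IP already carries rules on a different provider. The `Network` class, the service names, and the `DeviceA` provider are assumptions made for illustration.

```python
from dataclasses import dataclass, field


class RuleConflict(Exception):
    """A new rule would make one public IP active on two devices."""


@dataclass
class Network:
    # Service -> provider mapping taken from the network offering.
    providers: dict
    # Public IP -> list of (service, public_port, private_port) rules.
    rules: dict = field(default_factory=dict)

    def owner_of(self, ip):
        """Provider currently holding the IP, or None if it has no rules."""
        held = {self.providers[svc] for svc, _, _ in self.rules.get(ip, [])}
        return next(iter(held), None)

    def add_rule(self, ip, service, public_port, private_port):
        """Record the rule and return its provider, or raise RuleConflict."""
        provider = self.providers[service]
        owner = self.owner_of(ip)
        if owner is not None and owner != provider:
            raise RuleConflict(
                f"{ip} already has rules on {owner}; "
                f"{service} rules would go to {provider}")
        self.rules.setdefault(ip, []).append((service, public_port, private_port))
        return provider


# Constructed offerings: the split-provider one from the report, and a
# hypothetical one where a single device provides every service.
SPLIT = {"Firewall": "SRX", "PortForwarding": "SRX", "Lb": "NetScaler"}
SINGLE = {"Firewall": "DeviceA", "PortForwarding": "DeviceA", "Lb": "DeviceA"}


def replay_report(providers, ip="10.147.44.93"):
    """Replay steps 4 and 6 of the report; return 'accepted' or the error."""
    net = Network(dict(providers))
    net.add_rule(ip, "PortForwarding", 222, 22)   # step 4: PF 222 -> 22
    try:
        net.add_rule(ip, "Lb", 22, 22)            # step 6: LB 22 -> 22
    except RuleConflict as exc:
        return str(exc)
    return "accepted"


if __name__ == "__main__":
    print(replay_report(SPLIT))
    print(replay_report(SINGLE))
```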