You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@cloudstack.apache.org by jayapalu <gi...@git.apache.org> on 2015/08/13 10:39:23 UTC
[GitHub] cloudstack pull request: CLOUDSTACK-8710: Fixed applying iptables ...
GitHub user jayapalu opened a pull request:
https://github.com/apache/cloudstack/pull/690
CLOUDSTACK-8710: Fixed applying iptables rules for s2s vpn
@remibergsma @wilderrodrigues
Moved applying iptables rules apply after vpn configuration so that vpn specific rules also get applied
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/jayapalu/cloudstack vpn
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/cloudstack/pull/690.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #690
----
commit da9e757b8e48c54a4ecbd3bdb027b573ac5a3314
Author: Jayapal <ja...@apache.org>
Date: 2015-08-13T08:37:12Z
CLOUDSTACK-8710: Fixed applying iptables rules for s2s vpn
----
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] cloudstack pull request: CLOUDSTACK-8710: Fixed applying iptables ...
Posted by jayapalu <gi...@git.apache.org>.
Github user jayapalu commented on the pull request:
https://github.com/apache/cloudstack/pull/690#issuecomment-130602329
@remibergsma
I thought you are only looking at the rules issue. You can look at the other issues in s2s vpn.
You might have observed it but making it to your notice In below rule space is needed at '%s -m' .
- self.fw.append(["nat", "front", "-A POSTROUTING -t nat -o %s-m mark --set-xmark 0x525/0xffffffff -j ACCEPT" % dev])
+ self.fw.append(["nat", "front", "-A POSTROUTING -t nat -o %s -m mark --mark 0x525/0xffffffff -j ACCEPT" % dev])
I am actually looking at the ipsec with strongswan so I need s2s vpn iptables rules to applied for my testing.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] cloudstack pull request: CLOUDSTACK-8710: Fixed applying iptables ...
Posted by asfgit <gi...@git.apache.org>.
Github user asfgit closed the pull request at:
https://github.com/apache/cloudstack/pull/690
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] cloudstack pull request: CLOUDSTACK-8710: Fixed applying iptables ...
Posted by remibergsma <gi...@git.apache.org>.
Github user remibergsma commented on the pull request:
https://github.com/apache/cloudstack/pull/690#issuecomment-130798498
Forgot to update this.. tested it and the rules are applied OK now. LGTM.
I will add more firewall rules so the feature will work again. Let's also look at the tests (if any).
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] cloudstack pull request: CLOUDSTACK-8710: Fixed applying iptables ...
Posted by remibergsma <gi...@git.apache.org>.
Github user remibergsma commented on the pull request:
https://github.com/apache/cloudstack/pull/690#issuecomment-130593053
Hi @jayapalu I also worked on this, and but even with the firewall rules applied, the functionality still doesn't work because some rules are missing. So, this might fix CLOUDSTACK-8710 as it applies the rules but I think the goal should be to make two VMs in two VPCs be able to reach each other through the VPN. Anyway, I'll make a separate issue for this and keep working on it.
I already figured out what rules are missing. Some other issues are also impacting this, like the missing default gateway.
Let's be clear on who works on what (by assigning the issue) or else we'll do duplicate work. That's why I assigned the issue to me yesterday.
Will run test to verify your fix now.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] cloudstack pull request: CLOUDSTACK-8710: Fixed applying iptables ...
Posted by remibergsma <gi...@git.apache.org>.
Github user remibergsma commented on the pull request:
https://github.com/apache/cloudstack/pull/690#issuecomment-131016340
@jayapalu Please see PR #693, I went ahead and included your work there. Please let me know if this is OK with you. I included the exact same commit from this PR.
Please do not merge this PR.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] cloudstack pull request: CLOUDSTACK-8710: Fixed applying iptables ...
Posted by remibergsma <gi...@git.apache.org>.
Github user remibergsma commented on the pull request:
https://github.com/apache/cloudstack/pull/690#issuecomment-130654437
@jayapalu happy you're helping out! If you found out more stuff already, feel free to post. Thanks! :-)
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---