You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@cloudstack.apache.org by bh...@apache.org on 2017/08/22 06:50:29 UTC

[cloudstack] branch master updated: CLOUDSTACK-10030: Make sure that public IPs assigned to VPC are reacheable from inside the VPC (#2221)

This is an automated email from the ASF dual-hosted git repository.

bhaisaab pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cloudstack.git


The following commit(s) were added to refs/heads/master by this push:
     new deb92d3  CLOUDSTACK-10030: Make sure that public IPs assigned to VPC are reacheable from inside the VPC (#2221)
deb92d3 is described below

commit deb92d32bbf743208472113874fac98960099d99
Author: Syed Mushtaq Ahmed <sy...@gmail.com>
AuthorDate: Tue Aug 22 02:50:25 2017 -0400

    CLOUDSTACK-10030: Make sure that public IPs assigned to VPC are reacheable from inside the VPC (#2221)
    
    If a public IP is assigned to a VPC, a VM running inside that VPC cannot ping that public IP. This is due to the IPtables Nat rules set in such a way that drop any requests to the public IP from internal interfaces. I am fixing this so that internal hosts can also reach the public IP.
    
    Reproduction:
    
    Create a VPC
    Create a network inside the VPC
    Allocate a public IP
    Create a VM in the network
    Create a port forwarding rule enabling ICMP
    ping the public IP inside the VM (this will fail)
---
 systemvm/patches/debian/config/opt/cloud/bin/configure.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/systemvm/patches/debian/config/opt/cloud/bin/configure.py b/systemvm/patches/debian/config/opt/cloud/bin/configure.py
index 252bd2c..f111309 100755
--- a/systemvm/patches/debian/config/opt/cloud/bin/configure.py
+++ b/systemvm/patches/debian/config/opt/cloud/bin/configure.py
@@ -892,7 +892,7 @@ class CsForwardingRules(CsDataBag):
         self.fw.append(["filter", "", fw7])
 
     def forward_vpc(self, rule):
-        fw_prerout_rule = "-A PREROUTING -d %s/32 -i %s" % (rule["public_ip"], self.getDeviceByIp(rule['public_ip']))
+        fw_prerout_rule = "-A PREROUTING -d %s/32 " % (rule["public_ip"])
         if not rule["protocol"] == "any":
             fw_prerout_rule += " -m %s -p %s" % (rule["protocol"], rule["protocol"])
         if not rule["public_ports"] == "any":

-- 
To stop receiving notification emails like this one, please contact
['"commits@cloudstack.apache.org" <co...@cloudstack.apache.org>'].