Posted to issues@cloudstack.apache.org by "sadhu suresh (JIRA)" <ji...@apache.org> on 2013/05/23 13:54:19 UTC
[jira] [Created] (CLOUDSTACK-2645) When firewall and LB service providers are different, it should not allow both the rules on same public IP
sadhu suresh created CLOUDSTACK-2645:
----------------------------------------
Summary: When firewall and LB service providers are different, it should not allow both the rules on same public IP
Key: CLOUDSTACK-2645
URL: https://issues.apache.org/jira/browse/CLOUDSTACK-2645
Project: CloudStack
Issue Type: Bug
Security Level: Public (Anyone can view this level - this is the default.)
Components: Network Devices
Affects Versions: 4.2.0
Reporter: sadhu suresh
Fail to access VM when LB rules and port forwarding rules are configured on the same IP
Steps:
1. Create a shared network offering with SRX (sourcenat/pf/snat/firewall) as NS (lb) and with conserve mode on
2. Create a shared network using the above network offering
3. Deploy a few VMs using the above network and acquire a public IP
4. Create a PF rule with ports 222, 22 (public port 222 & private port 22), assign it to the guest VM, and configure the firewall to allow all the IPs
5. SSH to the guest VM with port 23
6. On the same IP, configure an LB rule with port 22 22
7. Try to SSH to the guest VM with port 222 again
Actual result:
Step 5:
Able to access the guest VM 222
Step 7:
After configuring the LB rule, unable to SSH to the guest VM with port 222; it failed with connection refused because the same IP is active at both providers (SRX & NetScaler)
On SRX:
rule destnatrule-1206020519 {
    match {
        destination-address 10.147.44.93/32;
        destination-port 222;
    }
    then {
        destination-nat pool 10-0-17-17-22;
    }
}
}
Cloud-VirtualServer-10.147.44.93-22 (10.147.44.93:22) - TCP Type: ADDRESS
State: UP
Last state change was at Thu May 23 11:15:32 2013
Time since last state change: 0 days, 00:33:48.580
Effective State: UP
Client Idle Timeout: 9000 sec
Down state flush: ENABLED
Disable Primary Vserver On Down : DISABLED
Appflow logging: ENABLED
No. of Bound Services : 1 (Total) 1 (Active)
Configured Method: ROUNDROBIN
Mode: IP
Persistence: NONE
Connection Failover: DISABLED
L2Conn: OFF
Skip Persistency: None
IcmpResponse: PASSIVE
New Service Startup Request Rate: 0 PER_SECOND, Increment Interval: 0
Expected result:
When firewall and LB service providers are different, it should not allow both the rules on same public IP.
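The expected result above, written as a stand-alone validation check: a rule is refused when the public IP already carries a rule programmed on a different provider. This is an added example, not CloudStack code; the `Rule` class, the function names and the service and provider labels are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed model of the offering in the report: SRX provides firewall,
# port forwarding and NAT, NetScaler provides load balancing. The service
# and provider labels are illustrative strings, not CloudStack identifiers.
OFFERING = {"Firewall": "SRX", "PortForwarding": "SRX",
            "SourceNat": "SRX", "StaticNat": "SRX", "Lb": "NetScaler"}


@dataclass(frozen=True)
class Rule:
    service: str        # key into the offering's service -> provider map
    public_ip: str
    public_port: int
    private_port: int


class ProviderConflict(Exception):
    """The public IP already carries rules programmed on another device."""


def check_rule(new_rule, existing_rules, offering=OFFERING):
    """Return the provider that would program new_rule, or raise."""
    if new_rule.service not in offering:
        raise ValueError(f"offering has no provider for {new_rule.service}")
    wanted = offering[new_rule.service]
    for rule in existing_rules:
        owner = offering[rule.service]
        if rule.public_ip == new_rule.public_ip and owner != wanted:
            raise ProviderConflict(
                f"{new_rule.public_ip} already has a {rule.service} rule on "
                f"{owner}; refusing {new_rule.service} rule on {wanted}")
    return wanted


def apply_rules(requests, offering=OFFERING):
    """Process rule requests in order; return (accepted, rejected)."""
    accepted, rejected = [], []
    for rule in requests:
        try:
            check_rule(rule, accepted, offering)
            accepted.append(rule)
        except ProviderConflict as exc:
            rejected.append((rule, str(exc)))
    return accepted, rejected


# Constructed requests mirroring steps 4 and 6 of the report.
PF_RULE = Rule("PortForwarding", "10.147.44.93", 222, 22)
LB_RULE = Rule("Lb", "10.147.44.93", 22, 22)
```

Rules served by the same provider still share an IP, which is what conserve mode permits; only the cross-provider case is rejected.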