Posted to issues@cloudstack.apache.org by "Jayapal Reddy (JIRA)" <ji...@apache.org> on 2013/05/02 07:28:16 UTC

[jira] [Commented] (CLOUDSTACK-2220) SRX - By default, egress traffic is NOT BLOCKED from guest network to public network

    [ https://issues.apache.org/jira/browse/CLOUDSTACK-2220?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13647310#comment-13647310 ] 

Jayapal Reddy commented on CLOUDSTACK-2220:
-------------------------------------------

1. The below security policy is accepting all the traffic.

default-policy {
    permit-all;
}

2. Deactivated this policy in your SRX device. Now the egress should work as expected.

3. When ingress traffic is sent to the guest network, the return traffic (egress) is allowed, which is expected.

4. Please check your scenario in your setup; if you see any issue, let me know. Otherwise mark this bug as invalid.

                
> SRX - By default, egress traffic is NOT BLOCKED from guest network to public network 
> -------------------------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-2220
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-2220
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>          Components: Management Server
>    Affects Versions: 4.2.0
>         Environment: MS ACS 4.2 build 4/24/13 7:48 PM revision: 299cccf779f75c3ba04d9ec7303bed88394c3562
> host XS 6.0.2 
>            Reporter: angeline shen
>            Assignee: Jayapal Reddy
>            Priority: Critical
>             Fix For: 4.2.0
>
>         Attachments: management-server.log.gz
>
>
> MS ACS 4.2 build 4/24/13 7:48 PM revision: 299cccf779f75c3ba04d9ec7303bed88394c3562
> host XS 6.0.2 
> 1. SRX network offering : isolated DHCP: virtual router DNS: virtual router firewall: SRX userdata:virtual router sourceNAT: SRX staticNAT: SRX portforward: SRX sourceNAT type: perzone
> 2. domain: ROOT admin
>    domain: /d1 domain admin: d1domain
>    domain: /d2 user: d2user
> 3. login: admin create VMs, allocate public IPs . 
>     BUG:   login  any VM  via console:  able to ping  www.google.com
>   login: d1domain repeat above steps
>    BUG:   login  any VM  via console:  able to ping  www.google.com
>   login: d2user repeat above steps 
>    BUG:   login  any VM  via console:  able to ping  www.google.com
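
Added example (not part of the original JIRA comment or of CloudStack): a check over saved SRX configuration text for an active "default-policy { permit-all; }" statement like the one quoted in the comment. It assumes the curly-brace form printed by "show configuration" and that deactivated statements carry the Junos "inactive:" prefix; the function names and both sample configurations are constructed for illustration.

```python
# Constructed sample: default-policy still active, as in the reported setup.
ACTIVE = """
security {
    policies {
        default-policy {
            permit-all;
        }
    }
}
"""

# Constructed sample: the same statement after it has been deactivated.
DEACTIVATED = ACTIVE.replace("default-policy {", "inactive: default-policy {")


def default_policy_actions(config_text):
    """Return [(action, active)] for every default-policy action found."""
    stack = []      # (block name, inactive flag) for each open brace block
    findings = []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "/*")):
            continue
        inactive = line.startswith("inactive: ")
        if inactive:
            line = line[len("inactive: "):]
        if line.endswith("{"):
            stack.append((line[:-1].strip(), inactive))
        elif line == "}":
            if stack:
                stack.pop()
        elif line.endswith(";") and stack and stack[-1][0] == "default-policy":
            # Any default-policy block is accepted, so a partial paste works too.
            action = line[:-1].strip()
            if action in ("permit-all", "deny-all"):
                # A statement is off if it or any enclosing block is inactive.
                active = not inactive and not any(flag for _, flag in stack)
                findings.append((action, active))
    return findings


def egress_open_by_default(config_text):
    """True when an active default-policy permits all traffic."""
    return any(action == "permit-all" and active
               for action, active in default_policy_actions(config_text))
```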
