You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cloudstack.apache.org by "angeline shen (JIRA)" <ji...@apache.org> on 2013/04/27 04:50:16 UTC

[jira] [Commented] (CLOUDSTACK-2220) SRX - By default, egress traffic is NOT BLOCKED from guest netowrk to public network

    [ https://issues.apache.org/jira/browse/CLOUDSTACK-2220?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13643484#comment-13643484 ] 

angeline shen commented on CLOUDSTACK-2220:
-------------------------------------------

[ashen@localhost ~]$ ssh root@10.223.123.17
root@10.223.123.17's password: 
Last login: Sat Apr 27 00:29:11 2013 from 10.216.133.70
[root@Admin-VM-2 ~]# ping www.google.com
PING www.google.com (173.194.38.144) 56(84) bytes of data.
64 bytes from sin04s01-in-f16.1e100.net (173.194.38.144): icmp_seq=1 ttl=43 time=173 ms
64 bytes from sin04s01-in-f16.1e100.net (173.194.38.144): icmp_seq=2 ttl=43 time=173 ms
64 bytes from sin04s01-in-f16.1e100.net (173.194.38.144): icmp_seq=3 ttl=43 time=173 ms
64 bytes from sin04s01-in-f16.1e100.net (173.194.38.144): icmp_seq=4 ttl=43 time=173 ms
64 bytes from sin04s01-in-f16.1e100.net (173.194.38.144): icmp_seq=5 ttl=43 time=173 ms
64 bytes from sin04s01-in-f16.1e100.net (173.194.38.144): icmp_seq=6 ttl=43 time=173 ms



[ashen@localhost ~]$ ssh root@10.223.123.20
The authenticity of host '10.223.123.20 (10.223.123.20)' can't be established.
RSA key fingerprint is 5e:41:b7:1c:46:95:24:52:de:ef:bb:83:1e:40:43:28.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.223.123.20' (RSA) to the list of known hosts.
root@10.223.123.20's password: 
Last login: Wed Jan 25 03:19:18 2012
[root@Admin-VM-3 ~]# ping www.google.com
PING www.google.com (173.194.38.148) 56(84) bytes of data.
64 bytes from sin04s01-in-f20.1e100.net (173.194.38.148): icmp_seq=1 ttl=43 time=173 ms
64 bytes from sin04s01-in-f20.1e100.net (173.194.38.148): icmp_seq=2 ttl=43 time=172 ms






                
> SRX - By default, egress traffic is NOT BLOCKED from guest netowrk to public network 
> -------------------------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-2220
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-2220
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>          Components: Management Server
>    Affects Versions: 4.2.0
>         Environment: MS ACS 4.2 build 4/24/13 7:48 PM revision: 299cccf779f75c3ba04d9ec7303bed88394c3562
> host XS 6.0.2 
>            Reporter: angeline shen
>            Assignee: Jayapal Reddy
>            Priority: Critical
>             Fix For: 4.2.0
>
>         Attachments: management-server.log.gz
>
>
> MS ACS 4.2 build 4/24/13 7:48 PM revision: 299cccf779f75c3ba04d9ec7303bed88394c3562
> host XS 6.0.2 
> 1. SRX network offering : isolated DHCP: virtual router DNS: virtual router firewall: SRX userdata:virtual router sourceNAT: SRX staticNAT: SRX portforward: SRX sourceNAT type: perzone
> 2. domain: ROOT admin
>    domain: /d1 domain admin: d1domain
>    domain: /d2 user: d2user
> 3. login: admin create VMs, allocate public IPs . 
>     BUG:   login  any VM  via console:  able to ping  www.google.com
>   login: d1domain repeat above steps
>    BUG:   login  any VM  via console:  able to ping  www.google.com
>   login: d2user repeat above steps 
>    BUG:   login  any VM  via console:  able to ping  www.google.com

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira