You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cloudstack.apache.org by "angeline shen (JIRA)" <ji...@apache.org> on 2013/04/27 04:50:16 UTC
[jira] [Commented] (CLOUDSTACK-2220) SRX - By default, egress
traffic is NOT BLOCKED from guest netowrk to public network
[ https://issues.apache.org/jira/browse/CLOUDSTACK-2220?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13643484#comment-13643484 ]
angeline shen commented on CLOUDSTACK-2220:
-------------------------------------------
[ashen@localhost ~]$ ssh root@10.223.123.17
root@10.223.123.17's password:
Last login: Sat Apr 27 00:29:11 2013 from 10.216.133.70
[root@Admin-VM-2 ~]# ping www.google.com
PING www.google.com (173.194.38.144) 56(84) bytes of data.
64 bytes from sin04s01-in-f16.1e100.net (173.194.38.144): icmp_seq=1 ttl=43 time=173 ms
64 bytes from sin04s01-in-f16.1e100.net (173.194.38.144): icmp_seq=2 ttl=43 time=173 ms
64 bytes from sin04s01-in-f16.1e100.net (173.194.38.144): icmp_seq=3 ttl=43 time=173 ms
64 bytes from sin04s01-in-f16.1e100.net (173.194.38.144): icmp_seq=4 ttl=43 time=173 ms
64 bytes from sin04s01-in-f16.1e100.net (173.194.38.144): icmp_seq=5 ttl=43 time=173 ms
64 bytes from sin04s01-in-f16.1e100.net (173.194.38.144): icmp_seq=6 ttl=43 time=173 ms
[ashen@localhost ~]$ ssh root@10.223.123.20
The authenticity of host '10.223.123.20 (10.223.123.20)' can't be established.
RSA key fingerprint is 5e:41:b7:1c:46:95:24:52:de:ef:bb:83:1e:40:43:28.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.223.123.20' (RSA) to the list of known hosts.
root@10.223.123.20's password:
Last login: Wed Jan 25 03:19:18 2012
[root@Admin-VM-3 ~]# ping www.google.com
PING www.google.com (173.194.38.148) 56(84) bytes of data.
64 bytes from sin04s01-in-f20.1e100.net (173.194.38.148): icmp_seq=1 ttl=43 time=173 ms
64 bytes from sin04s01-in-f20.1e100.net (173.194.38.148): icmp_seq=2 ttl=43 time=172 ms
> SRX - By default, egress traffic is NOT BLOCKED from guest netowrk to public network
> -------------------------------------------------------------------------------------
>
> Key: CLOUDSTACK-2220
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-2220
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public(Anyone can view this level - this is the default.)
> Components: Management Server
> Affects Versions: 4.2.0
> Environment: MS ACS 4.2 build 4/24/13 7:48 PM revision: 299cccf779f75c3ba04d9ec7303bed88394c3562
> host XS 6.0.2
> Reporter: angeline shen
> Assignee: Jayapal Reddy
> Priority: Critical
> Fix For: 4.2.0
>
> Attachments: management-server.log.gz
>
>
> MS ACS 4.2 build 4/24/13 7:48 PM revision: 299cccf779f75c3ba04d9ec7303bed88394c3562
> host XS 6.0.2
> 1. SRX network offering : isolated DHCP: virtual router DNS: virtual router firewall: SRX userdata:virtual router sourceNAT: SRX staticNAT: SRX portforward: SRX sourceNAT type: perzone
> 2. domain: ROOT admin
> domain: /d1 domain admin: d1domain
> domain: /d2 user: d2user
> 3. login: admin create VMs, allocate public IPs .
> BUG: login any VM via console: able to ping www.google.com
> login: d1domain repeat above steps
> BUG: login any VM via console: able to ping www.google.com
> login: d2user repeat above steps
> BUG: login any VM via console: able to ping www.google.com
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira