Posted to dev@cloudstack.apache.org by "Tamas Monos (JIRA)" <ji...@apache.org> on 2012/11/26 14:19:00 UTC

[jira] [Created] (CLOUDSTACK-535) Virtual Router DNS is restricted to UDP only

Tamas Monos created CLOUDSTACK-535:
--------------------------------------

             Summary: Virtual Router DNS is restricted to UDP only
                 Key: CLOUDSTACK-535
                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-535
             Project: CloudStack
          Issue Type: Bug
          Components: Network Controller
    Affects Versions: 4.0.0
            Reporter: Tamas Monos
            Priority: Minor


Issue:
When a new router VM is generated and started, the initial firewall rules allow port 53 on UDP only. Router VMs should allow port 53 on TCP as well, because longer resolutions can switch to TCP, for example cPanel. The cPanel installer will not run if it cannot resolve over TCP.

Workaround:
Log in to the router VM and execute:
iptables -A INPUT -i eth0 -p tcp -m tcp --dport 53 -j ACCEPT

Resolution:
I'm sure where the initial firewall rules are coming from (maybe systemVM ISO?) but there this new rule should be added.



--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
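
An added example (not part of the original report or of CloudStack's own scripts): a shell function that reads rules in `iptables -S` / `iptables-save` format and lists each chain and interface where UDP 53 is accepted but TCP 53 is not, which is the gap described in the report above. The function name and the sample rule set are constructed for illustration.

```shell
#!/bin/sh
# Added example: report "chain interface" pairs that ACCEPT DNS on UDP 53
# but have no matching TCP 53 ACCEPT rule.
# Input: rules in `iptables -S` / `iptables-save` format on stdin.
# Limits: ignores negated matches and multiport rules.

dns_udp_without_tcp() {
    awk '
    $1 == "-A" {
        chain = $2; iface = "any"; proto = ""; dport = ""; target = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-i") iface = $(i + 1)
            else if ($i == "-p") proto = $(i + 1)
            else if ($i == "--dport") dport = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
        }
        if (dport == "53" && target == "ACCEPT") {
            key = chain " " iface
            if (proto == "udp") udp[key] = 1
            if (proto == "tcp") tcp[key] = 1
        }
    }
    END {
        for (k in udp) {
            split(k, p, " ")
            # A TCP rule with no -i applies to every interface on that chain.
            if (!(k in tcp) && !((p[1] " any") in tcp)) print k
        }
    }' | sort
}

# Constructed sample rule set (not taken from a real system VM).
SAMPLE_RULES='-A INPUT -i eth0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i eth1 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT'

# Prints "INPUT eth0": UDP 53 is accepted there, TCP 53 is not.
printf '%s\n' "$SAMPLE_RULES" | dns_udp_without_tcp
```

On a router VM the same check runs against the live rule set with `iptables -S | dns_udp_without_tcp`; empty output means every UDP 53 ACCEPT rule has a TCP counterpart.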

[jira] [Updated] (CLOUDSTACK-535) Virtual Router DNS is restricted to UDP only

Posted by "Tamas Monos (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/CLOUDSTACK-535?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Tamas Monos updated CLOUDSTACK-535:
-----------------------------------

    Description: 
Issue:
When a new router VM is generated and started, the initial firewall rules allow only port 53 on UDP. Router VMs should allow port 53 on TCP as well, because longer resolutions can switch to TCP, for example cPanel. The cPanel installer will not run if it cannot resolve over TCP.

Workaround:
Log in to the router VM and execute:
iptables -A INPUT -i eth0 -p tcp -m tcp --dport 53 -j ACCEPT

Resolution:
I'm not sure where the initial firewall rules are coming from (maybe systemVM ISO?) but there this new rule should be added.



  was:
Issue:
When a new router VM is generated and started the initial firewall rules allow only port 53 on UDP only. Router VMs should allow port 53 on TCP is well due to longer resolutions can switch to TCP for example cPanel. The cPanel installer will not run if it cannot resolve over TCP.

Workaround:
Login to the router VM and execute:
iptables -A INPUT -i eth0 -p tcp -m tcp --dport 53 -j ACCEPT

Resolution:
I'm sure where the inital firewall rules are coming from (maybe systemVM ISO?) but there this new rule should be added.



    
> Virtual Router DNS is restricted to UDP only
> --------------------------------------------
>
>                 Key: CLOUDSTACK-535
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-535
>             Project: CloudStack
>          Issue Type: Bug
>          Components: Network Controller
>    Affects Versions: 4.0.0
>            Reporter: Tamas Monos
>            Priority: Minor
>
> Issue:
> When a new router VM is generated and started, the initial firewall rules allow only port 53 on UDP. Router VMs should allow port 53 on TCP as well, because longer resolutions can switch to TCP, for example cPanel. The cPanel installer will not run if it cannot resolve over TCP.
> Workaround:
> Log in to the router VM and execute:
> iptables -A INPUT -i eth0 -p tcp -m tcp --dport 53 -j ACCEPT
> Resolution:
> I'm not sure where the initial firewall rules are coming from (maybe systemVM ISO?) but there this new rule should be added.


[jira] [Commented] (CLOUDSTACK-535) Virtual Router DNS is restricted to UDP only

Posted by "Marcus Sorensen (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/CLOUDSTACK-535?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13503868#comment-13503868 ] 

Marcus Sorensen commented on CLOUDSTACK-535:
--------------------------------------------

The commit 82a7e49fad81b001410b66d151743b112d0daa65 should fix this. I added tcp 53 to every systemvm script that had udp 53 allowed.
                