Posted to issues@cloudstack.apache.org by "Abhinandan Prateek (JIRA)" <ji...@apache.org> on 2013/07/26 12:23:51 UTC
[jira] [Updated] (CLOUDSTACK-2646) When firewall and LB service
providers are different, it should not allow both the rules on same public
IP
[ https://issues.apache.org/jira/browse/CLOUDSTACK-2646?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Abhinandan Prateek updated CLOUDSTACK-2646:
-------------------------------------------
Assignee: Jayapal Reddy
> When firewall and LB service providers are different, it should not allow both the rules on same public IP
> ----------------------------------------------------------------------------------------------------------
>
> Key: CLOUDSTACK-2646
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-2646
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public(Anyone can view this level - this is the default.)
> Components: Network Devices
> Affects Versions: 4.2.0
> Reporter: sadhu suresh
> Assignee: Jayapal Reddy
> Attachments: management-server.rar
>
>
> Fail to access VM when LB rules and port forwarding rules are configured on same IP
> Steps:
> 1. Create a shared network offering with SRX(sourcenat/pf/snat/firewall) as NS(lb) and with conserve mode on
> 2. Create a shared network using above network offering
> 3. Deploy a few VMs using above network and acquire public IP
> 4. Create PF rule with ports 222, 22 (public port 222 & private port 22), assign to guest VM & configure the firewall to allow all the IPs
> 5. SSH to the guest VM with port 23
> 6. On the same IP configure LB rule with port 22 22
> 7. Try to SSH to guest VM with port 222 again
> Actual result:
> Step 5:
> Able to access the guest VM 222
> Step 7:
> After configuring LB rule, unable to SSH to the guest VM with port 222 and it failed with connection refused because same IP is active at both providers (SRX & NetScaler)
> on SRX
> rule destnatrule-1206020519 {
> match {
> destination-address 10.147.44.93/32;
> destination-port 222;
> }
> then {
> destination-nat pool 10-0-17-17-22;
> }
> }
> }
> Cloud-VirtualServer-10.147.44.93-22 (10.147.44.93:22) - TCP Type: ADDRESS
> State: UP
> Last state change was at Thu May 23 11:15:32 2013
> Time since last state change: 0 days, 00:33:48.580
> Effective State: UP
> Client Idle Timeout: 9000 sec
> Down state flush: ENABLED
> Disable Primary Vserver On Down : DISABLED
> Appflow logging: ENABLED
> No. of Bound Services : 1 (Total) 1 (Active)
> Configured Method: ROUNDROBIN
> Mode: IP
> Persistence: NONE
> Connection Failover: DISABLED
> L2Conn: OFF
> Skip Persistency: None
> IcmpResponse: PASSIVE
> New Service Startup Request Rate: 0 PER_SECOND, Increment Interval: 0
> Expected result:
> When firewall and LB service providers are different, it should not allow both the rules on same public IP.
>
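The expected result in the ticket can be modelled as a check at rule-creation time plus an audit over rules that already exist. This is an added example, not CloudStack code or part of the original report; the `Rule` class, the function names, the service and provider labels, and the `OFFERING` mapping are all hypothetical.

```python
from collections import defaultdict
from dataclasses import dataclass


class ProviderConflict(Exception):
    """A rule would make one public IP active on two provider devices."""


@dataclass(frozen=True)
class Rule:
    public_ip: str
    service: str       # "PortForwarding", "Firewall" or "Lb" (assumed labels)
    provider: str      # device that implements this service on the network
    public_port: int
    private_port: int


def providers_by_ip(rules):
    """Map each public IP to the set of providers holding rules on it."""
    seen = defaultdict(set)
    for r in rules:
        seen[r.public_ip].add(r.provider)
    return seen


def audit(rules):
    """Detection: IPs that are already active on more than one provider."""
    return {ip: p for ip, p in providers_by_ip(rules).items() if len(p) > 1}


def add_rule(rules, service_providers, public_ip, service, public_port, private_port):
    """Prevention: refuse a rule whose provider differs from the IP's current one."""
    provider = service_providers[service]
    others = providers_by_ip(rules)[public_ip] - {provider}
    if others:
        raise ProviderConflict(
            f"{public_ip} is already served by {sorted(others)}; "
            f"{service} rule would also activate it on {provider}")
    rule = Rule(public_ip, service, provider, public_port, private_port)
    rules.append(rule)
    return rule


# Constructed sample mirroring the ticket: PF/firewall on SRX, LB on NetScaler.
OFFERING = {"PortForwarding": "SRX", "Firewall": "SRX", "Lb": "NetScaler"}
```

Rules from the same provider may still share an IP, so conserve mode keeps working for the firewall and port forwarding pair; only the cross-provider LB rule is rejected.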