Posted to issues@cloudstack.apache.org by "Jayapal Reddy (JIRA)" <ji...@apache.org> on 2017/05/30 06:51:04 UTC
[jira] [Created] (CLOUDSTACK-9930) SNAT rule is incorrectly added on for PF rule
Jayapal Reddy created CLOUDSTACK-9930:
-----------------------------------------
Summary: SNAT rule is incorrectly added on for PF rule
Key: CLOUDSTACK-9930
URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9930
Project: CloudStack
Issue Type: Bug
Security Level: Public (Anyone can view this level - this is the default.)
Reporter: Jayapal Reddy
Fix For: 4.10.0.0
1. Acquire an IP from the additional public subnet.
2. Configure a port forwarding rule on the isolated network.
3. Check the SNAT rule added in the nat table. It is added on the default source NAT interface instead of the additional public subnet interface.
eth3 - additional public subnet interface.
{noformat}
root@r-133-QA:~# iptables -t nat -L -nv
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 CONNMARK tcp -- eth3 * 0.0.0.0/0 10.147.52.100 tcp dpt:22 state NEW CONNMARK save
0 0 DNAT tcp -- eth3 * 0.0.0.0/0 10.147.52.100 tcp dpt:22 to:10.1.1.182:22
0 0 DNAT tcp -- eth0 * 0.0.0.0/0 10.147.52.100 tcp dpt:22 to:10.1.1.182:22
0 0 MARK tcp -- eth3 * 0.0.0.0/0 10.147.52.100 tcp dpt:22 MARK set 0x3
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 DNAT tcp -- * * 0.0.0.0/0 10.147.52.100 tcp dpt:22 to:10.1.1.182:22
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
10 500 SNAT all -- * eth2 0.0.0.0/0 0.0.0.0/0 to:10.147.46.107
0 0 SNAT all -- * eth2 0.0.0.0/0 0.0.0.0/0 to:10.147.52.100
0 0 SNAT tcp -- * eth0 10.1.1.0/24 10.1.1.182 tcp dpt:22 to:10.1.1.1
root@r-133-QA:~#
root@r-133-QA:~#
root@r-133-QA:~#
root@r-133-QA:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 02:00:24:c6:00:07 brd ff:ff:ff:ff:ff:ff
inet 10.1.1.1/24 brd 10.1.1.255 scope global eth0
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 0e:00:a9:fe:02:b7 brd ff:ff:ff:ff:ff:ff
inet 169.254.2.183/16 brd 169.254.255.255 scope global eth1
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 1e:00:1e:00:00:13 brd ff:ff:ff:ff:ff:ff
inet 10.147.46.107/24 brd 10.147.46.255 scope global eth2
7: eth3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 1e:00:e0:00:00:33 brd ff:ff:ff:ff:ff:ff
inet 10.147.52.100/24 brd 10.147.52.255 scope global eth3
root@r-133-QA:~#
root@r-133-QA:~# ip route show table Table_eth3
default via 10.147.52.1 dev eth3 proto static
throw 10.1.1.0/24 proto static
throw 169.254.0.0/16 proto static
root@r-133-QA:~# ip route show table Table_eth2
default via 10.147.46.1 dev eth2 proto static
throw 10.1.1.0/24 proto static
throw 169.254.0.0/16 proto static
{noformat}