Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Static NAT and Port forwarding do not work if the VM NIC is not default #8366

Open
weizhouapache opened this issue Dec 15, 2023 · 0 comments
Open

Static NAT and Port forwarding do not work if the VM NIC is not default #8366

weizhouapache opened this issue Dec 15, 2023 · 0 comments
Assignees
@weizhouapache
Labels
component:advanced-networking component:networking
Milestone
4.20.0.0

Comments

@weizhouapache
Copy link
Member

weizhouapache commented Dec 15, 2023
edited

as title

Steps to reproduce the issue

  • create a VM with two NICs (the 2nd NIC is on an isolated network)
  • acquire public IPs for the isolated network
  • Enable Static NAT to the VM, add firewall rules. The IP is unreachable
  • Create port forwarding rule to the vm, add firewall rules. The IP is unreachable as well

Workaround

  • Use load balancing rule instead of static NAT and port forwarding.
  • configure ip rule/tables inside the VM

Idea: when enable static nat or create firewall rules, specify if the public IP is transparent or not.

  • If transparent, the source IP of packets which are forwarded from cloudstack VR to the VM, will not be changed
  • If not transparent, the source IP of packets which are forwarded from cloudstack VR to the VM, will be the VR IP.
ISSUE TYPE
  • Bug Report
  • Improvement Request
COMPONENT NAME
VR
CLOUDSTACK VERSION
4.18/4.19
CONFIGURATION
OS / ENVIRONMENT
SUMMARY
STEPS TO REPRODUCE
EXPECTED RESULTS
ACTUAL RESULTS
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@weizhouapache weizhouapache

Labels
component:advanced-networking component:networking
Projects
None yet
Milestone
4.20.0.0
Development

No branches or pull requests
2 participants
@DaanHoogland @weizhouapache