It sounds like some iptables rules got broken at some point for the static NAT, and since there's still a catch-all SNAT for outbound it gets caught by that and still keeps working, but is broken in a subtle way that goes unnoticed.
On Mon, Dec 8, 2014 at 2:55 PM, Andrija Panic <andrija.pa...@gmail.com> wrote:

> And just to spice things a little bit, ALL remote connections appear to
> come from main Public IP of the VPC VR.
> So we can not block some stuff on firewall on VM (while doing port
> forwarding) because all connections appear to come from main Public IP of
> the VPC VR.
>
> This is terrible design/bug - can we change this ?
> I'm on the ACS 4.3 currently...
>
> cheers
>
> On 8 December 2014 at 23:42, Andrija Panic <andrija.pa...@gmail.com>
> wrote:
>
> > Hi,
> >
> > when doing port forwarding on VPC VR - port 80 - when some client accesses
> > web site - only the main Public IP of the VPC is logged in apache access
> > logs as remote IP.
> >
> > Why is this behaviour - and can this be changed ?
> > My understanding is that this is kind of bug (unless needed for some other
> > reasons) - port forwarding is DNAT in essence, so only the destination
> > IP/port should be changed, not proxied all the way, as it seems to be the
> > case here...
> >
> > I read on other guys mailing list - same behavior for loadbalancer...
> >
> > Any suggestion ?
> >
> > Thanks,
> >
> > --
> >
> > Andrija Panić
>
> --
>
> Andrija Panić
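
Added example, not part of the thread and not CloudStack's own code: a check over `iptables-save` output for the condition discussed above, a POSTROUTING SNAT/MASQUERADE rule broad enough to rewrite the client source address on port-forwarded (DNAT) connections as they leave toward the VM. The rules, addresses and interface names (eth1 public, eth2 guest) are constructed assumptions.

```python
import shlex

# Constructed iptables-save excerpt (assumed layout: eth1 public, eth2 guest).
SAMPLE = """\
*nat
-A PREROUTING -d 203.0.113.10/32 -i eth1 -p tcp --dport 80 -j DNAT --to-destination 10.1.1.20:80
-A POSTROUTING -o eth1 -j SNAT --to-source 203.0.113.10
-A POSTROUTING -s 10.1.1.0/24 -o eth2 -j SNAT --to-source 10.1.1.1
-A POSTROUTING -j SNAT --to-source 203.0.113.10
COMMIT
"""

def parse_matches(tokens):
    """Return {option: (value, negated)} for the -s, -o and -j options of a rule."""
    found, negated = {}, False
    for i, tok in enumerate(tokens):
        if tok == "!":
            negated = True
        elif tok in ("-s", "-o", "-j") and i + 1 < len(tokens):
            found[tok] = (tokens[i + 1], negated)
            negated = False
        else:
            negated = False
    return found

def masking_snat_rules(ruleset, guest_iface):
    """List nat POSTROUTING rules that would source-NAT traffic from arbitrary
    clients leaving via guest_iface, hiding the real client IP from the VM.
    Interface wildcards such as eth+ are not handled."""
    flagged, table = [], None
    for line in ruleset.splitlines():
        line = line.strip()
        if line.startswith("*"):
            table = line[1:]
            continue
        if table != "nat" or not line.startswith("-A POSTROUTING "):
            continue
        m = parse_matches(shlex.split(line))
        if m.get("-j", ("", False))[0] not in ("SNAT", "MASQUERADE"):
            continue
        if "-s" in m and not m["-s"][1]:
            continue  # limited to one source network, not arbitrary clients
        if "-o" in m:
            iface, neg = m["-o"]
            if not ((iface != guest_iface) if neg else (iface == guest_iface)):
                continue  # only applies to traffic leaving another interface
        flagged.append(line)
    return flagged

if __name__ == "__main__":
    for rule in masking_snat_rules(SAMPLE, "eth2"):
        print("masks client source IP:", rule)
```

Run it against the router's real `iptables-save` output with the guest-facing interface name; any rule it reports is a candidate for the behaviour described in the thread.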