Or wait, you're not using static NAT, you're just using port forwarding, correct? Everything will be NAT'ed outbound to the VPC router's public IP per SNAT, like one would expect behind a NAT. You could force outbound to match the IP that the port forwarder is on, but what if you have multiple IPs port forwarding to that instance?
At any rate, if you can find a set of iptables rules you think should be applied in a certain case to fix an issue, you can find the scripts that apply these rules in systemvm/patches/debian/config/opt/cloud/bin/. These scripts adjust iptables whenever a change is made. If you can come up with a fix for something, you can send it to us in a patch.

On Mon, Dec 8, 2014 at 3:08 PM, Andrija Panic <andrija.pa...@gmail.com> wrote:

> Hi Erik - yes I know of shared network - been using that, but want to move
> behind VPC to organize stuff a little bit more... ok, for loadbalancing -
> did not check, as that is not my problem at the moment.
>
> But port forwarding really is - this is really bad implementation or bug in
> my opinion, never saw this kind of behaviour on any router anywhere...
>
> On 9 December 2014 at 00:03, Erik Weber <terbol...@gmail.com> wrote:
>
> > On Mon, Dec 8, 2014 at 11:55 PM, Andrija Panic <andrija.pa...@gmail.com>
> > wrote:
> >
> > > And just to spice things a little bit, ALL remote connections appear to
> > > come from main Public IP of the VPC VR.
> > > So we can not block some stuff on firewall on VM (while doing port
> > > forwarding) because all connections appear to come from main Public IP of
> > > the VPC VR.
> > >
> > > This is terrible design/bug - can we change this?
> > > I'm on the ACS 4.3 currently...
> > >
> >
> > This is a NAT problem. You could use a shared network with Public IPs or
> > Basic Networking with Public IPs.
> >
> > --
> > Erik
> >
>
> --
> Andrija Panić
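
An added example, not part of the thread and not CloudStack's own code: a small checker that reads nat-table rules in `iptables-save` format and reports which source-NAT rule would also rewrite the client address of a port-forwarded inbound connection, which is the symptom described above. The rule set, interface names (`eth1` public, `eth2` guest) and addresses are constructed assumptions, and only SNAT/MASQUERADE rules in POSTROUTING are considered.

```python
import ipaddress
import shlex

# Constructed nat-table excerpt in iptables-save format. Interface names and
# addresses (documentation ranges) are assumptions, not real VPC router output.
SAMPLE = """\
-A PREROUTING -d 203.0.113.10/32 -i eth1 -p tcp -m tcp --dport 2222 -j DNAT --to-destination 10.1.1.50:22
-A POSTROUTING -s 10.1.1.0/24 -o eth1 -j SNAT --to-source 203.0.113.10
-A POSTROUTING -o eth2 -j SNAT --to-source 203.0.113.10
"""
# Same rules with the guest-side SNAT limited to guest-originated traffic.
FIXED = SAMPLE.replace("-A POSTROUTING -o eth2", "-A POSTROUTING -s 10.1.1.0/24 -o eth2")

OPTS = {"-s": "src", "-d": "dst", "-o": "out", "-j": "target",
        "--to-destination": "to_dst"}

def load(text):
    """Parse '-A CHAIN ...' lines into dicts holding the options checked below."""
    rules = []
    for line in text.splitlines():
        tok = shlex.split(line)
        if len(tok) < 2 or tok[0] != "-A":
            continue
        if "!" in tok:
            raise ValueError("negated matches are not handled: " + line)
        rule = {"chain": tok[1], "raw": line}
        for i, t in enumerate(tok[:-1]):
            if t in OPTS:
                rule[OPTS[t]] = tok[i + 1]
        rules.append(rule)
    return rules

def source_rewrites(rules, client_ip, guest_if):
    """Per DNAT forward: first SNAT rule that also matches its inbound traffic."""
    client = ipaddress.ip_address(client_ip)
    hits = []
    for fwd in (r for r in rules if r.get("target") == "DNAT"):
        vm = ipaddress.ip_address(fwd["to_dst"].split(":")[0])
        for r in rules:
            if r["chain"] != "POSTROUTING" or r.get("target") not in ("SNAT", "MASQUERADE"):
                continue
            if r.get("out", guest_if) != guest_if:
                continue
            if "src" in r and client not in ipaddress.ip_network(r["src"], strict=False):
                continue
            if "dst" in r and vm not in ipaddress.ip_network(r["dst"], strict=False):
                continue
            hits.append((fwd["raw"], r["raw"]))
            break  # nat chains stop at the first matching rule
    return hits
```

With `SAMPLE`, an outside client at 198.51.100.7 is reported as rewritten by the unrestricted `-o eth2` rule, so a firewall on the VM cannot filter by client address; with `FIXED`, only guest-subnet sources are rewritten.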