[ https://issues.apache.org/jira/browse/CLOUDSTACK-8795?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14742999#comment-14742999 ]
Rajani Karuturi edited comment on CLOUDSTACK-8795 at 9/14/15 6:25 AM:
----------------------------------------------------------------------

ping from router vm is successful as it goes to the OUTBOUND chain
{noformat}
root@r-37-VM:~# ping google.com
PING google.com (216.58.220.46): 48 data bytes
56 bytes from 216.58.220.46: icmp_seq=0 ttl=49 time=27.880 ms
56 bytes from 216.58.220.46: icmp_seq=1 ttl=49 time=37.696 ms
56 bytes from 216.58.220.46: icmp_seq=2 ttl=49 time=32.419 ms
^C--- google.com ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
{noformat}
Whereas in case of user vm, it goes to the FORWARD chain and gets dropped. It doesn't reach the FIREWALL_EGRESS_RULES chain

was (Author: rajanik):
ping from router vm is successful as it goes to the OUTBOUND chain
{noformat}
root@r-37-VM:~# ping google.com
PING google.com (216.58.220.46): 48 data bytes
56 bytes from 216.58.220.46: icmp_seq=0 ttl=49 time=27.880 ms
56 bytes from 216.58.220.46: icmp_seq=1 ttl=49 time=37.696 ms
56 bytes from 216.58.220.46: icmp_seq=2 ttl=49 time=32.419 ms
^C--- google.com ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
{noformat}
Whereas in case of user vm, it goes to the FORWARD chain and gets dropped

> outgoing public traffic blocked in vm created using
> DefaultIsolatedNetworkOfferingWithSourceNatService
> -------------------------------------------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-8795
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-8795
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the
> default.)
>    Affects Versions: 4.6.0
>         Environment: Xenserver 6.5, advanced zone, CS 4.6.0
>            Reporter: Rajani Karuturi
>            Assignee: Wilder Rodrigues
>            Priority: Blocker
>
> in case of vm launched in vpc, outgoing public traffic worked (I was able to
> ping google.com)
> But, in case of default isolated
> network(DefaultIsolatedNetworkOfferingWithSourceNatService) vm, outgoing
> public traffic was blocked even after adding egress rule.
> It only worked after running the following on isolated VR
> iptables -I FW_OUTBOUND -j FIREWALL_EGRESS_RULES
> This issue is observed while reviewing PR #765
> https://github.com/apache/cloudstack/pull/765#issuecomment-136962555

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
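
The condition reported above (a FIREWALL_EGRESS_RULES chain that forwarded packets never reach) can be checked statically from an `iptables -S` listing. The following is an added example, not part of the JIRA message or of CloudStack's code. Both rule listings are constructed, and the `FORWARD` to `FW_OUTBOUND` jump, the interface names and the function names are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed `iptables -S` style listing (not a dump from a real router): the
# egress chain exists, but nothing in FW_OUTBOUND jumps to it.
BROKEN_RULES = """\
-P FORWARD DROP
-N FW_OUTBOUND
-N FIREWALL_EGRESS_RULES
-A FORWARD -i eth0 -o eth2 -j FW_OUTBOUND
-A FW_OUTBOUND -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FIREWALL_EGRESS_RULES -j ACCEPT
"""
# Same listing after `iptables -I FW_OUTBOUND -j FIREWALL_EGRESS_RULES`
# (-I inserts at the head of the chain, so the jump comes first).
FIXED_RULES = BROKEN_RULES.replace(
    "-A FW_OUTBOUND -m state",
    "-A FW_OUTBOUND -j FIREWALL_EGRESS_RULES\n-A FW_OUTBOUND -m state", 1)

def jump_graph(listing):
    """Map each chain to the set of targets its rules jump (-j) or go (-g) to."""
    graph = defaultdict(set)
    for line in listing.splitlines():
        tok = line.split()
        for flag in ("-j", "-g"):
            # Only "-A <chain> ..." rules, and only if a target follows the flag.
            if tok[:1] == ["-A"] and flag in tok[2:-1]:
                graph[tok[1]].add(tok[tok.index(flag) + 1])
    return graph

def reachable(listing, start, target):
    """True if some sequence of jumps leads from chain `start` to `target`."""
    graph, seen, stack = jump_graph(listing), set(), [start]
    while stack:
        chain = stack.pop()
        if chain == target:
            return True
        if chain not in seen:
            seen.add(chain)
            stack.extend(graph.get(chain, ()))
    return False

def orphaned_chains(listing, builtins=("INPUT", "FORWARD", "OUTPUT")):
    """User-defined chains (-N) that no built-in chain can ever reach."""
    defined = [l.split()[1] for l in listing.splitlines() if l.startswith("-N ")]
    return [c for c in defined
            if not any(reachable(listing, b, c) for b in builtins)]

if __name__ == "__main__":
    for name, rules in (("before", BROKEN_RULES), ("after", FIXED_RULES)):
        print(name, reachable(rules, "FORWARD", "FIREWALL_EGRESS_RULES"),
              orphaned_chains(rules))
```

The check covers jump reachability only. It does not evaluate match conditions or rule order, so a reachable chain can still be shadowed by an earlier terminating rule.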