[ https://issues.apache.org/jira/browse/CLOUDSTACK-9050?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15003793#comment-15003793 ]
ASF GitHub Bot commented on CLOUDSTACK-9050:
--------------------------------------------

Github user wilderrodrigues commented on the pull request:

    https://github.com/apache/cloudstack/pull/1063#issuecomment-156382390

@dsclose

Scripts not in use since 4.6.0:

```
public static final String FIREWALL_EGRESS = "firewall_egress.sh";
public static final String IPASSOC = "ipassoc.sh";
public static final String VMDATA = "vmdata.py";
public static final String VPC_ACL = "vpc_acl.sh";
public static final String VPC_GUEST_NETWORK = "vpc_guestnw.sh";
public static final String VPC_PRIVATEGW_ACL = "vpc_privategw_acl.sh";
public static final String VPC_STATIC_NAT = "vpc_staticnat.sh";
public static final String VPC_STATIC_ROUTE = "vpc_staticroute.sh";
public static final String S2SVPN_IPSEC = "ipsectunnel.sh";
public static final String DHCP = "edithosts.sh";
public static final String DNSMASQ_CONFIG = "dnsmasq.sh";
public static final String FIREWALL_INGRESS = "firewall_ingress.sh";
public static final String FIREWALL_NAT = "firewall_nat.sh";
public static final String IPALIAS_CREATE = "createipAlias.sh";
public static final String IPALIAS_DELETE = "deleteipAlias.sh";
public static final String LB = "loadbalancer.sh";
public static final String MONITOR_SERVICE = "monitor_service.sh";
public static final String PASSWORD = "savepassword.sh";
public static final String VPC_IPASSOC = "vpc_ipassoc.sh";
public static final String VPC_LB = "vpc_loadbalancer.sh";
public static final String VPC_PRIVATEGW = "vpc_privateGateway.sh";
public static final String VPC_PORTFORWARDING = "vpc_portforwarding.sh";
public static final String VPC_SOURCE_NAT = "vpc_snat.sh";
public static final String VPN_L2TP = "vpn_l2tp.sh";
```

I will remove all of them from the project to avoid misunderstandings.

Cheers,
Wilder

> Virtual Router Static-NAT rules bind to wrong public interface
> --------------------------------------------------------------
>
>                 Key: CLOUDSTACK-9050
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9050
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.)
>          Components: ISO, Virtual Router
>    Affects Versions: 4.5.2
>            Reporter: dsclose
>
> When a virtual router has multiple public NICs (in a scenario where multiple
> guest subnets are available) the router is liable to create static-NAT rules
> for certain IP addresses that refer to incorrect interfaces.
>
> Example
> ----------
> A /24 has been divided into a /25 and two /26 ranges. The /25 and one /26 are
> used for guest IP addresses. This may lead to the following IP addresses
> being assigned to a virtual router:
> eth0: 10.1.1.1/24
> eth1: 169.254.3.82/16
> eth2: 123.123.123.130/26 and 123.123.123.150/26
> eth3: 123.123.123.19/25 and 123.123.123.120/25
>
> Scenario:
> The user decides to create two static NATs. One from 123.123.123.120/25, the
> other from 123.123.123.19/25, both to hosts on the 10.1.1.0/24 range.
>
> Result:
> 123.123.123.120/25 is successfully configured as a static NAT and works
> immediately. All NAT rules in the resulting iptables correctly refer to eth3
> as the source or destination interface. Cloudstack reports that
> 123.123.123.19/25 is successfully configured but it does not work. All NAT
> rules in the resulting iptables INCORRECTLY refer to eth2 as the source or
> destination interface.
>
> Cause:
> The virtual router greps the output of "ip addr show dev ethN" until it finds
> the IP address. However, this command also prints out the broadcast address
> for the subnet which may partially include an IP address from a similar
> range. In the above example, 123.123.123.19/25 was INCORRECTLY NAT'd to eth2
> because the IP address was matched by the broadcast address of
> 123.123.123.191.
> This is liable to occur on any router with NICs on two similar subnets.

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
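
The substring match described under "Cause" in the quoted issue, reproduced as an added example (not part of the original message and not CloudStack's own script) next to an exact-field comparison that avoids it. The `ip addr show` output is constructed from the addresses in the report, and `sample_addr_show`, `find_dev_naive` and `find_dev_exact` are hypothetical names; the exact grep invocation on the router is an assumption, since the message does not show it.

```shell
#!/bin/sh
# Constructed `ip addr show dev ethN` output for the two public NICs in the
# report; addresses are from the issue, the surrounding layout is abbreviated.
ETH2_OUT='4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP
    inet 123.123.123.130/26 brd 123.123.123.191 scope global eth2
    inet 123.123.123.150/26 brd 123.123.123.191 scope global secondary eth2'
ETH3_OUT='5: eth3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP
    inet 123.123.123.19/25 brd 123.123.123.127 scope global eth3
    inet 123.123.123.120/25 brd 123.123.123.127 scope global secondary eth3'

# Hypothetical stand-in for running `ip addr show dev "$1"` on the router.
sample_addr_show() {
  case "$1" in
    eth2) printf '%s\n' "$ETH2_OUT" ;;
    eth3) printf '%s\n' "$ETH3_OUT" ;;
  esac
}

# Substring match, as the issue describes (assumed form): the first device
# whose output contains the address text anywhere, brd field included, wins.
find_dev_naive() {
  for dev in eth2 eth3; do
    if sample_addr_show "$dev" | grep -q "$1"; then
      echo "$dev"; return 0
    fi
  done
  return 1
}

# Exact match: only the address part of an `inet ADDR/PREFIX` field counts.
find_dev_exact() {
  for dev in eth2 eth3; do
    if sample_addr_show "$dev" | awk -v ip="$1" \
        '$1 == "inet" { split($2, a, "/"); if (a[1] == ip) hit = 1 }
         END { exit !hit }'; then
      echo "$dev"; return 0
    fi
  done
  return 1
}

# Show both lookups for the two static-NAT addresses from the scenario.
for ip in 123.123.123.120 123.123.123.19; do
  printf '%s naive=%s exact=%s\n' "$ip" "$(find_dev_naive "$ip")" "$(find_dev_exact "$ip")"
done
```

The naive lookup returns eth2 for 123.123.123.19 because that text is a prefix of the eth2 broadcast address 123.123.123.191, while the exact comparison returns eth3 for both addresses.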