Skip to content

resolves issues Multiple Public Subnets static NAT #4236

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
havengit wants to merge 1 commit into from
Closed

resolves issues Multiple Public Subnets static NAT #4236

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions systemvm/debian/opt/cloud/bin/configure.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -964,6 +964,9 @@ def processStaticNatRule(self, rule):
self.fw.append(["mangle", "front",
"-A PREROUTING -d %s/32 -m state --state NEW -j MARK --set-xmark %s/0xffffffff" %
(rule["public_ip"], hex(100 + int(device[len("eth"):])))])
self.fw.append(["mangle", "front",
"-A PREROUTING -s %s/32 -m state --state NEW -i eth0 -j MARK --set-xmark %s/0xffffffff" %

@weizhouapache weizhouapache Sep 22, 2020

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@havengit @div8cn
I have tested this pr. The issue described in #3604 is not back.

However in this rule, it should not be "eth0".
for isolated network, the guest nic is eth0. but for vpc, eth0 is nic for link local ip.

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 0e:00:a9:fe:65:77 brd ff:ff:ff:ff:ff:ff
    inet 169.254.101.119/16 brd 169.254.255.255 scope global eth0
       valid_lft forever preferred_lft forever

so in my point of view, this pr fixes the issue in isolated networks, but does not fix the issue in vpc. could you please confirm ? @havengit @div8cn

I have tested this pr but without "-i eth0", then issue #3604 is back.

@DaanHoogland DaanHoogland Sep 23, 2020

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ok, so we should be more intelligent about the IF to add in the rule, tnx @weizhouapache

@weizhouapache weizhouapache Oct 20, 2020

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@DaanHoogland I have confirmed with @div8cn that the issue still exist with vpc.

@havengit havengit Nov 23, 2020

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@DaanHoogland yes, This PR only fixes the issue in isolated networks , Weizhou's PR was much more effective #4484

(rule["internal_ip"], hex(100 + int(device[len("eth"):])))])
self.fw.append(["nat", "front",
"-A PREROUTING -d %s/32 -j DNAT --to-destination %s" % (rule["public_ip"], rule["internal_ip"])])
self.fw.append(["nat", "front",
Expand Down