autumnw's profile - activity

2014-09-03 17:18:03 -0500 received badge  Notable Question (source)
2014-05-23 16:54:26 -0500 received badge  Popular Question (source)
2014-05-23 09:18:33 -0500 received badge  Editor (source)
2014-05-23 08:52:59 -0500 asked a question Security group does not work between two internal subnets?

Hi,

I have two internal subnets in one tenant:

  • Subnet A: 192.168.10.0/24
  • Subnet B: 192.168.20.0/24

And one external subnet:

  • 172.24.5.0/24

All three subnets connect to the same router (router01). I want to put my web server into subnet A with external access, and I want to put my DB server into subnet B. I just want the web server to be able to access the DB server through port 3306 (for MySQL). For security reasons, I don't want the web server to be able to access the DB server through SSH (port 22). So I applied the following security rule on the DB server. But after that, I can still SSH to my DB server from my web server.

Direction   Ether Type   IP Protocol   Port Range   Remote
Ingress     IPv4         ICMP          -            192.168.20.0/24 (CIDR)

This is a simple environment built with packstack Icehouse, with a GRE network; it is an all-in-one box. So did I understand security groups wrong, or is anything wrong in my environment? Could someone shed some light on what I should check further?
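
An added example, not part of the original post: a small Python model of Neutron security-group ingress semantics (rules only allow, unmatched traffic is dropped, and a port's policy is the union of every group attached to it), applied to the subnets and the rule in the question. The host address, the group names, the MySQL rule and the second "wide" group are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    """One ingress rule. Security group rules only allow; there is no deny rule."""
    protocol: Optional[str]      # "tcp", "udp", "icmp", or None for any protocol
    port_min: Optional[int]      # None means any port
    port_max: Optional[int]
    remote_cidr: str

    def matches(self, src_ip, protocol, port=None):
        if self.protocol is not None and self.protocol != protocol:
            return False
        if ipaddress.ip_address(src_ip) not in ipaddress.ip_network(self.remote_cidr):
            return False
        if self.port_min is None:
            return True
        return port is not None and self.port_min <= port <= self.port_max

def ingress_allowed(groups, src_ip, protocol, port=None):
    """Return the names of the groups that admit the packet; [] means dropped.

    The effective policy of a port is the union of all groups attached to it.
    """
    return [name for name, rules in groups.items()
            if any(r.matches(src_ip, protocol, port) for r in rules)]

# Constructed sample data. The CIDRs come from the post; the host IP and
# the group names are hypothetical.
WEB_IP = "192.168.10.5"
POSTED_RULE = Rule("icmp", None, None, "192.168.20.0/24")  # the rule shown in the post
MYSQL_RULE = Rule("tcp", 3306, 3306, "192.168.10.0/24")    # the policy the post asks for

db_only = {"db-sg": [POSTED_RULE, MYSQL_RULE]}
# Hypothetical: a second group with a broad rule is also attached to the DB port.
db_plus_wide = dict(db_only, **{"wide-sg": [Rule(None, None, None, "0.0.0.0/0")]})

if __name__ == "__main__":
    for label, groups in (("db-sg only", db_only), ("db-sg + wide-sg", db_plus_wide)):
        for port in (3306, 22):
            hits = ingress_allowed(groups, WEB_IP, "tcp", port)
            print(f"{label}: tcp/{port} from {WEB_IP} ->", hits or "dropped")
```

In this model the posted ICMP rule on its own admits neither tcp/22 nor tcp/3306 from subnet A, so an SSH session that still connects points at the set of groups actually attached to the DB server's port, or at whether the rules are being enforced on the host at all.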