Failed VR health check gateways_check.py on additional public IP range

[weizhouapache]

Steps to reproduce the issue

• Use multiple IP-Ranges / VLANs on Public Physical Network
• Create VPC
• Create multiple tiers
• Deploy one VM in every tier
• Allocate IP-Adresses from different ranges / vlans
• Create Static NAT for at least one VM with an IP not originating from snat-range.
• Execute health-checks

More information

• In the VPC VR, there are two public nics

eth1 - xxx.xx.179.15/24
eth2 - xxx.xx.178.11/24

The health check gateways_check.py failed with error message
Unreachable gateways found - xxx.xx.178.1

• switch says "Rule Interface Mismatch"

and drops these packets

• The iptables rules shows

-A POSTROUTING -j SNAT -o eth1 --to-source xxx.xx.179.15
-A POSTROUTING -j SNAT -o eth2 --to-source xxx.xx.179.15

the issue is fixed by changing the rules to

-A POSTROUTING -o eth1 -j SNAT --to-source xxx.xx.179.15
-A POSTROUTING -o eth2 -j SNAT --to-source xxx.xx.178.11

ISSUE TYPE

• Bug Report

COMPONENT NAME

VR

CLOUDSTACK VERSION

4.18.2.1

CONFIGURATION

OS / ENVIRONMENT

SUMMARY

STEPS TO REPRODUCE

EXPECTED RESULTS

ACTUAL RESULTS

[weizhouapache]

this issue seems to be caused by #8599

there is no other pf/lb/dnat issues found until now