Posted to users@cloudstack.apache.org by Carlos Reategui <ca...@reategui.com> on 2014/08/12 01:48:20 UTC

Re: recreate iptables rules on hosts

I have tried to restart the network with and without the cleanup option and
this doesn't work for me.

With cleanup option the vr is destroyed and recreated and I see entries
made for the virtual router in the host's iptables; however, I see nothing
else for the other instances.

With cleanup option unchecked I see no changes to the iptables on any hosts.

I tried copying the iptables from my other 4.4 + 6.2 installation (this one
is 4.3 + 6.0.2) where it does not have VM specific rules but I am able to
ssh to my instances, but that did not work.

If I stop iptables I am able to access my instances.  I am ok leaving it
like this but the problem is that every time a new instance is created, the
management server sends ipset commands that start it again and then I can't
access any of my instances.

This is supposed to be a basic shared network without security groups.

Any ideas what is going on or how to disable iptables permanently?

thanks
Carlos



On Wed, Jul 9, 2014 at 3:48 AM, Sanjeev Neelarapu <
sanjeev.neelarapu@citrix.com> wrote:

> Restart network from cs
>
> On Jul 7, 2014 7:22 PM, Carlos Reátegui <
> creategui@gmail.com> wrote:
> As in service network restart on the hosts or something in the cloudstack
> UI?
>
> > On Jul 7, 2014, at 6:06 AM, Sanjeev Neelarapu <
> sanjeev.neelarapu@citrix.com> wrote:
> >
> > Restart network might help you.
> >
> > -----Original Message-----
> > From: Carlos Reátegui [mailto:creategui@gmail.com]
> > Sent: Monday, July 07, 2014 12:05 PM
> > To: CloudStack-Users
> > Subject: recreate iptables rules on hosts
> >
> > I just upgraded to 4.3 from 4.1.
> >
> > On 4.1 I had disabled iptables on my XenServer hosts because I had had
> problems accessing my instances.   Which now I believe was due to ipset not
> working with the kernel I had (see my other threads on that if interested).
> >
> > Now that I am on 4.3 (and with a properly working ipset in XenServer),
> it looks like every time a new instance is created, iptables is getting
> started and a new rule added to access the new instance (as expected).
>  However, all my existing instances become unreachable because they do not
> have rules.  Is there a tool to have Cloudstack re-create all the rules for
> existing instances on the hosts?
> >
> > In case it matters I am using basic networking without security groups.
> >
> > thanks,
> > Carlos
>