You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cloudstack.apache.org by Carlos Reategui <ca...@reategui.com> on 2014/08/12 01:48:20 UTC
Re: recreate iptables rules on hosts
I have tried to restart the network with and without the cleanup option and
this doesn't work for me.
With cleanup option the vr is destroyed and recreated and I see entries
made for the virtual router in the host's iptables however I see nothing
else for the other instances.
With cleanup option unchecked I see no changes to the iptables on any hosts.
I tried copying the iptables from my other 4.4 + 6.2 installation (this one
is 4.3 + 6.0.2) where it does not have VM specific rules but I am able to
ssh to my instances, but that did not work.
If I stop iptables I am able to access my instances. I am ok leaving it
like this but the problem is that every time a new instance is create, the
management server send ipset commands that start it again and then I can't
access any of my instances.
This is supposed to be a basic shared network without security groups.
any ideas what is going on or how to disable iptables permanently?
thanks
Carlos
On Wed, Jul 9, 2014 at 3:48 AM, Sanjeev Neelarapu <
sanjeev.neelarapu@citrix.com> wrote:
> Restart network from cs
>
> On Jul 7, 2014 7:22 PM, =?ISO-8859-1?Q?Carlos_Re=E1tegui?= <
> creategui@gmail.com> wrote:
> As in service network restart on the hosts or something in the cloudstack
> UI?
>
> > On Jul 7, 2014, at 6:06 AM, Sanjeev Neelarapu <
> sanjeev.neelarapu@citrix.com> wrote:
> >
> > Restart network might help you.
> >
> > -----Original Message-----
> > From: Carlos ReƔtegui [mailto:creategui@gmail.com]
> > Sent: Monday, July 07, 2014 12:05 PM
> > To: CloudStack-Users
> > Subject: recreate iptables rules on hosts
> >
> > I just upgraded to 4.3 from 4.1.
> >
> > On 4.1 I had disabled iptables on my XenServer hosts because I had had
> problems accessing my instances. Which now I believe was due to ipset not
> working with the kernel I had (see my other threads on that if interested).
> >
> > Now that I am on 4.3 (and with a properly working ipset in XenServer),
> it looks like every time a new instance is created, iptables is getting
> started and a new rule added to access the new instance (as expected).
> However, all my existing instances become unreachable because they do not
> have rules. Is there tool to have Cloudstack re-create all the rules for
> existing instances on the hosts?
> >
> > In case it matters I am using basic networking without security groups.
> >
> > thanks,
> > Carlos
>