You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cloudstack.apache.org by Maurice Lawler <ma...@me.com> on 2013/04/19 05:28:22 UTC

ebtables

Hello --

Previously one told me how to do this, but I cannot find my notes on this, so I hope you can help me out.

I am attempting to allow a secondary IP address on an instance by-pass the routing rules set forth in ebtables. I recall doing something like

ebtables nat i-2-25-VM something ... I cannot for the life of me remember.

How to list and/or drop the rules per VM.

Can you guys assist?

Re: ebtables

Posted by Marcus Sorensen <sh...@gmail.com>.
I don't remember exactly, but if you look at what IS allowed in the
ebtables output, this will show you example rules.


On Fri, Apr 19, 2013 at 2:20 PM, Maurice Lawler <ma...@me.com>wrote:

> Great -- My ebtables rules are back in place. Now, how can I go about
> dropping the rule to allow a secondary IP traffic to a particular VM.
>
> I cannot remember how to do that, someone once told me.
>
>
>
> On Apr 19, 2013, at 01:42 PM, Marcus Sorensen <sh...@gmail.com> wrote:
>
> you can go back and disable security groups in the zone if you don't care
> about the ebtables rules, or you can start up ebtables and then restart any
> associated VMs through cloudstack. The rules are dynamic, so they're not
> going to be saved anywhere on the host to be reinstated, they have to be
> reapplied by cloudstack via a restart of the vms.
>
>
> On Fri, Apr 19, 2013 at 11:12 AM, Maurice Lawler <maurice.lawler@me.com
> >wrote:
>
> > Anyone know how to correct my mistake?
> >
> > - Maurice
> >
> >
> > On Apr 19, 2013, at 2:01 AM, Maurice Lawler <ma...@me.com>
> wrote:
> >
> > > Perhaps this was not the best thing, now my ports are open; how can I
> > revert back to eatables.
> > >
> > > Along with that, when reverted, how can I drop rules for a particular
> VM
> > to allow communication via second IP address.
> > >
> > >
> > > On Apr 18, 2013, at 10:34 PM, Maurice Lawler <ma...@me.com>
> > wrote:
> > >
> > >> Disregard, for now, I have disabled/removed ebtables as shown here:
> > >>
> > >>
> > 3CB1DF26ECC0458748AC97CECE2DA98D41012FA47B62D2@SJCPMAILBOX01.citrite.net
> %3E'>
> http://mail-archives.apache.org/mod_mbox/incubator-cloudstack-users/201302.mbox/%
> 3CB1DF26ECC0458748AC97CECE2DA98D41012FA47B62D2@SJCPMAILBOX01.citrite.net
> %3E
>
> > >>
> > >>
> > >> On Apr 18, 2013, at 11:28 PM, Maurice Lawler <ma...@me.com>
> > wrote:
> > >>
> > >>> Hello --
> > >>>
> > >>> Previously one told me how to do this, but I cannot find my notes on
> > this, so I hope you can help me out.
> > >>>
> > >>> I am attempting to allow a secondary IP address on an instance
> by-pass
> > the routing rules set forth in ebtables. I recall doing something like
> > >>>
> > >>> ebtables nat i-2-25-VM something ... I cannot for the life of me
> > remember.
> > >>>
> > >>> How to list and/or drop the rules per VM.
> > >>>
> > >>> Can you guys assist?
> > >
> >
> >
>
>

Re: ebtables

Posted by Marcus Sorensen <sh...@gmail.com>.
you can go back and disable security groups in the zone if you don't care
about the ebtables rules, or you can start up ebtables and then restart any
associated VMs through cloudstack. The rules are dynamic, so they're not
going to be saved anywhere on the host to be reinstated, they have to be
reapplied by cloudstack via a restart of the vms.


On Fri, Apr 19, 2013 at 11:12 AM, Maurice Lawler <ma...@me.com>wrote:

> Anyone know how to correct my mistake?
>
> - Maurice
>
>
> On Apr 19, 2013, at 2:01 AM, Maurice Lawler <ma...@me.com> wrote:
>
> > Perhaps this was not the best thing, now my ports are open; how can I
> revert back to eatables.
> >
> > Along with that, when reverted, how can I drop rules for a particular VM
> to allow communication via second IP address.
> >
> >
> > On Apr 18, 2013, at 10:34 PM, Maurice Lawler <ma...@me.com>
> wrote:
> >
> >> Disregard, for now, I have disabled/removed ebtables as shown here:
> >>
> >>
> http://mail-archives.apache.org/mod_mbox/incubator-cloudstack-users/201302.mbox/%3CB1DF26ECC0458748AC97CECE2DA98D41012FA47B62D2@SJCPMAILBOX01.citrite.net%3E
> >>
> >>
> >> On Apr 18, 2013, at 11:28 PM, Maurice Lawler <ma...@me.com>
> wrote:
> >>
> >>> Hello --
> >>>
> >>> Previously one told me how to do this, but I cannot find my notes on
> this, so I hope you can help me out.
> >>>
> >>> I am attempting to allow a secondary IP address on an instance by-pass
> the routing rules set forth in ebtables. I recall doing something like
> >>>
> >>> ebtables nat i-2-25-VM something ... I cannot for the life of me
> remember.
> >>>
> >>> How to list and/or drop the rules per VM.
> >>>
> >>> Can you guys assist?
> >
>
>

Re: ebtables

Posted by Marcus Sorensen <sh...@gmail.com>.
you can go back and disable security groups in the zone if you don't care
about the ebtables rules, or you can start up ebtables and then restart any
associated VMs through cloudstack. The rules are dynamic, so they're not
going to be saved anywhere on the host to be reinstated, they have to be
reapplied by cloudstack via a restart of the vms.


On Fri, Apr 19, 2013 at 11:12 AM, Maurice Lawler <ma...@me.com>wrote:

> Anyone know how to correct my mistake?
>
> - Maurice
>
>
> On Apr 19, 2013, at 2:01 AM, Maurice Lawler <ma...@me.com> wrote:
>
> > Perhaps this was not the best thing, now my ports are open; how can I
> revert back to eatables.
> >
> > Along with that, when reverted, how can I drop rules for a particular VM
> to allow communication via second IP address.
> >
> >
> > On Apr 18, 2013, at 10:34 PM, Maurice Lawler <ma...@me.com>
> wrote:
> >
> >> Disregard, for now, I have disabled/removed ebtables as shown here:
> >>
> >>
> http://mail-archives.apache.org/mod_mbox/incubator-cloudstack-users/201302.mbox/%3CB1DF26ECC0458748AC97CECE2DA98D41012FA47B62D2@SJCPMAILBOX01.citrite.net%3E
> >>
> >>
> >> On Apr 18, 2013, at 11:28 PM, Maurice Lawler <ma...@me.com>
> wrote:
> >>
> >>> Hello --
> >>>
> >>> Previously one told me how to do this, but I cannot find my notes on
> this, so I hope you can help me out.
> >>>
> >>> I am attempting to allow a secondary IP address on an instance by-pass
> the routing rules set forth in ebtables. I recall doing something like
> >>>
> >>> ebtables nat i-2-25-VM something ... I cannot for the life of me
> remember.
> >>>
> >>> How to list and/or drop the rules per VM.
> >>>
> >>> Can you guys assist?
> >
>
>

Re: ebtables

Posted by Maurice Lawler <ma...@me.com>.
Anyone know how to correct my mistake?

- Maurice


On Apr 19, 2013, at 2:01 AM, Maurice Lawler <ma...@me.com> wrote:

> Perhaps this was not the best thing, now my ports are open; how can I revert back to eatables. 
> 
> Along with that, when reverted, how can I drop rules for a particular VM to allow communication via second IP address. 
> 
> 
> On Apr 18, 2013, at 10:34 PM, Maurice Lawler <ma...@me.com> wrote:
> 
>> Disregard, for now, I have disabled/removed ebtables as shown here:
>> 
>> http://mail-archives.apache.org/mod_mbox/incubator-cloudstack-users/201302.mbox/%3CB1DF26ECC0458748AC97CECE2DA98D41012FA47B62D2@SJCPMAILBOX01.citrite.net%3E
>> 
>> 
>> On Apr 18, 2013, at 11:28 PM, Maurice Lawler <ma...@me.com> wrote:
>> 
>>> Hello --
>>> 
>>> Previously one told me how to do this, but I cannot find my notes on this, so I hope you can help me out.
>>> 
>>> I am attempting to allow a secondary IP address on an instance by-pass the routing rules set forth in ebtables. I recall doing something like 
>>> 
>>> ebtables nat i-2-25-VM something ... I cannot for the life of me remember.
>>> 
>>> How to list and/or drop the rules per VM.
>>> 
>>> Can you guys assist?
>

Re: ebtables

Posted by Maurice Lawler <ma...@me.com>.
Anyone know how to correct my mistake?

- Maurice


On Apr 19, 2013, at 2:01 AM, Maurice Lawler <ma...@me.com> wrote:

> Perhaps this was not the best thing, now my ports are open; how can I revert back to eatables. 
> 
> Along with that, when reverted, how can I drop rules for a particular VM to allow communication via second IP address. 
> 
> 
> On Apr 18, 2013, at 10:34 PM, Maurice Lawler <ma...@me.com> wrote:
> 
>> Disregard, for now, I have disabled/removed ebtables as shown here:
>> 
>> http://mail-archives.apache.org/mod_mbox/incubator-cloudstack-users/201302.mbox/%3CB1DF26ECC0458748AC97CECE2DA98D41012FA47B62D2@SJCPMAILBOX01.citrite.net%3E
>> 
>> 
>> On Apr 18, 2013, at 11:28 PM, Maurice Lawler <ma...@me.com> wrote:
>> 
>>> Hello --
>>> 
>>> Previously one told me how to do this, but I cannot find my notes on this, so I hope you can help me out.
>>> 
>>> I am attempting to allow a secondary IP address on an instance by-pass the routing rules set forth in ebtables. I recall doing something like 
>>> 
>>> ebtables nat i-2-25-VM something ... I cannot for the life of me remember.
>>> 
>>> How to list and/or drop the rules per VM.
>>> 
>>> Can you guys assist?
>

Re: ebtables

Posted by Maurice Lawler <ma...@me.com>.
Perhaps this was not the best thing, now my ports are open; how can I revert back to eatables. 

Along with that, when reverted, how can I drop rules for a particular VM to allow communication via second IP address. 


On Apr 18, 2013, at 10:34 PM, Maurice Lawler <ma...@me.com> wrote:

> Disregard, for now, I have disabled/removed ebtables as shown here:
> 
> http://mail-archives.apache.org/mod_mbox/incubator-cloudstack-users/201302.mbox/%3CB1DF26ECC0458748AC97CECE2DA98D41012FA47B62D2@SJCPMAILBOX01.citrite.net%3E
> 
> 
> On Apr 18, 2013, at 11:28 PM, Maurice Lawler <ma...@me.com> wrote:
> 
>> Hello --
>> 
>> Previously one told me how to do this, but I cannot find my notes on this, so I hope you can help me out.
>> 
>> I am attempting to allow a secondary IP address on an instance by-pass the routing rules set forth in ebtables. I recall doing something like 
>> 
>> ebtables nat i-2-25-VM something ... I cannot for the life of me remember.
>> 
>> How to list and/or drop the rules per VM.
>> 
>> Can you guys assist?

Re: ebtables

Posted by Maurice Lawler <ma...@me.com>.
Perhaps this was not the best thing, now my ports are open; how can I revert back to eatables. 

Along with that, when reverted, how can I drop rules for a particular VM to allow communication via second IP address. 


On Apr 18, 2013, at 10:34 PM, Maurice Lawler <ma...@me.com> wrote:

> Disregard, for now, I have disabled/removed ebtables as shown here:
> 
> http://mail-archives.apache.org/mod_mbox/incubator-cloudstack-users/201302.mbox/%3CB1DF26ECC0458748AC97CECE2DA98D41012FA47B62D2@SJCPMAILBOX01.citrite.net%3E
> 
> 
> On Apr 18, 2013, at 11:28 PM, Maurice Lawler <ma...@me.com> wrote:
> 
>> Hello --
>> 
>> Previously one told me how to do this, but I cannot find my notes on this, so I hope you can help me out.
>> 
>> I am attempting to allow a secondary IP address on an instance by-pass the routing rules set forth in ebtables. I recall doing something like 
>> 
>> ebtables nat i-2-25-VM something ... I cannot for the life of me remember.
>> 
>> How to list and/or drop the rules per VM.
>> 
>> Can you guys assist?

Re: ebtables

Posted by Maurice Lawler <ma...@me.com>.
Disregard, for now, I have disabled/removed ebtables as shown here:

http://mail-archives.apache.org/mod_mbox/incubator-cloudstack-users/201302.mbox/%3CB1DF26ECC0458748AC97CECE2DA98D41012FA47B62D2@SJCPMAILBOX01.citrite.net%3E


On Apr 18, 2013, at 11:28 PM, Maurice Lawler <ma...@me.com> wrote:

> Hello --
>
> Previously one told me how to do this, but I cannot find my notes on this, so I hope you can help me out.
>
> I am attempting to allow a secondary IP address on an instance by-pass the routing rules set forth in ebtables. I recall doing something like
>
> ebtables nat i-2-25-VM something ... I cannot for the life of me remember.
>
> How to list and/or drop the rules per VM.
>
> Can you guys assist?