Posted to users@cloudstack.apache.org by jordan j <yo...@gmail.com> on 2023/02/03 13:44:46 UTC

How to block default allow egress 53 ?

After deploying ACS 4.17.2 with XCP-NG and Security groups we noticed that
by default egress port 53 is always allowed. Is there a way to deny that?

At first we thought it was allowed in the user network because the network
provider supported DNS service. However after removing the DNS service and
rebuilding the network the port is still open.

Another issue, unrelated to the topic, but I thought it may be a bug.
An error pops up when creating a new instance via the GUI and specifying an IP
address.
The message is "Unable to start a VM due to insufficient address capacity".
However, starting an instance without specifying an address works properly.
After some investigation it seems that the IP address value is not passed
properly.

For example:

If the network is 172.20.0.0/16 and we pass a value for the instance of
172.20.0.25 the management-server.log reports that the value passed is
172.20.0.2 which is not valid.

Regards,
Jordan

Re: How to block default allow egress 53 ?

Posted by jordan j <yo...@gmail.com>.
Hi Swen,

I will open one shortly today!

Regards,
Jordan

On Mon, Feb 6, 2023 at 10:23 AM <me...@swen.io> wrote:

> Hi Jordan,
>
> Can you please open an issue on GitHub for the IP bug?
>
> Regards,
> Swen

Re: How to block default allow egress 53 ?

Posted by me...@swen.io.
Hi Jordan,

Can you please open an issue on GitHub for the IP bug?

Regards,
Swen
