Posted to users@cloudstack.apache.org by Jevgeni Zolotarjov <j....@gmail.com> on 2018/09/24 18:24:23 UTC

Re: ***UNCHECKED*** Re: Unable to communicate to instances on new host - iptables?

Hello

Can you tell me how I can find out if this is my guest network?

This is what I find in the configuration for the guest network:
Name defaultGuestNetwork
Type Shared
State Setup
VPC ID N/A
Persistent No
broadcasturi vlan://untagged
Network CIDR
IPv6 Gateway
IPv6 CIDR
Reserved IP Range
Redundant Router No
Network domain cs1cloud.internal


I guess the answer to your question is NO. But how do I make the proper
configuration?

best regards,
Jevgeni


On Wed, Sep 19, 2018 at 4:53 PM Simon Weller <sw...@ena.com.invalid>
wrote:

> Is your guest network the bond0.200?
>
>
>
>
> ________________________________
> From: Jevgeni Zolotarjov <j....@gmail.com>
> Sent: Wednesday, September 19, 2018 9:34 AM
> To: users@cloudstack.apache.org
> Subject: Re: Unable to communicate to instances on new host - iptables?
>
> sure
>
> iptables:
> *mangle
> :PREROUTING ACCEPT [4215:32894293]
> :INPUT ACCEPT [3585:32849592]
> :FORWARD ACCEPT [756:57998]
> :OUTPUT ACCEPT [3739:715406]
> :POSTROUTING ACCEPT [4495:773404]
> COMMIT
>
> *nat
> :PREROUTING ACCEPT [22:3593]
> :INPUT ACCEPT [0:0]
> :OUTPUT ACCEPT [3:4508]
> :POSTROUTING ACCEPT [25:8101]
> COMMIT
>
> *filter
> :INPUT ACCEPT [0:0]
> :FORWARD ACCEPT [28:1788]
> :OUTPUT ACCEPT [0:0]
> -A INPUT -p tcp -m tcp --dport 49152:49216 -j ACCEPT
> -A INPUT -p tcp -m tcp --dport 5900:6100 -j ACCEPT
> -A INPUT -p tcp -m tcp --dport 16509 -j ACCEPT
> -A INPUT -p tcp -m tcp --dport 1798 -j ACCEPT
> -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
> -A INPUT -i lo -m comment --comment "Allow all loopback traffic" -j ACCEPT
> -A INPUT -d 127.0.0.0/8 ! -i lo -m comment --comment "Drop all traffic to 127 that doesn\'t use lo" -j REJECT --reject-with icmp-port-unreachable
> -A INPUT -m comment --comment "Accept all incoming" -j ACCEPT
> -A INPUT -m state --state RELATED,ESTABLISHED -m comment --comment "Allow all incoming on established connections" -j ACCEPT
> -A OUTPUT -m comment --comment "Accept all outgoing" -j ACCEPT
> COMMIT
>
>
> On Wed, Sep 19, 2018 at 5:31 PM Simon Weller <sw...@ena.com.invalid>
> wrote:
>
> > Can you provide your iptables rules on your hosts?
> >
> >
> >
> > ________________________________
> > From: Jevgeni Zolotarjov <j....@gmail.com>
> > Sent: Wednesday, September 19, 2018 9:29 AM
> > To: users@cloudstack.apache.org
> > Subject: Re: Unable to communicate to instances on new host - iptables?
> >
> > sorry. corrected network config
> >
> > ifcfg-bond0:
> > TYPE=Bond
> > BONDING_MASTER=yes
> > BONDING_OPTS="mode=802.3ad miimon=100 updelay=0 downdelay=0"
> > DEVICE=bond0
> > ONBOOT=yes
> > BOOTPROTO=none
> > USERCTL=no
> > HOTPLUG=no
> > BRIDGE=cloudbr0
> > NM_CONTROLLED=no
> >
> > ifcfg-bond0.200:
> > DEVICE=bond0.200
> > ONBOOT=yes
> > HOTPLUG=no
> > BOOTPROTO=none
> > VLAN=yes
> > BRIDGE=cloudbr1
> >
> >
> > ifcfg-cloudbr0:
> > DEVICE=cloudbr0
> > TYPE=Bridge
> > ONBOOT=yes
> > BOOTPROTO=none
> > IPV6INIT=no
> > IPV6_AUTOCONF=no
> > DELAY=5
> > STP=yes
> > IPADDR=192.168.1.5
> > GATEWAY=192.168.1.1
> > NETMASK=255.255.254.0
> >
> > ifcfg-cloudbr1:
> > DEVICE=cloudbr1
> > TYPE=Bridge
> > ONBOOT=yes
> > BOOTPROTO=none
> > IPV6INIT=no
> > IPV6_AUTOCONF=no
> > DELAY=5
> > STP=yes
> >
> > On Wed, Sep 19, 2018 at 5:27 PM Jevgeni Zolotarjov <j.zolotarjov@gmail.com>
> > wrote:
> >
> > > Hi Simon,
> > >
> > > I am not using advanced network.
> > >
> > > Here is my network configuration
> > > ifcfg-bond0:
> > > TYPE=Bond
> > > BONDING_MASTER=yes
> > > BONDING_OPTS="mode=802.3ad miimon=100 updelay=0 downdelay=0"
> > > DEVICE=bond0
> > > ONBOOT=yes
> > > BOOTPROTO=none
> > > USERCTL=no
> > > HOTPLUG=no
> > > BRIDGE=cloudbr0
> > > NM_CONTROLLED=no
> > >
> > > ifcfg-bond0.200:
> > > DEVICE=bond0.200
> > > ONBOOT=yes
> > > HOTPLUG=no
> > > BOOTPROTO=none
> > > VLAN=yes
> > > BRIDGE=cloudbr1
> > >
> > > ifcfg-cloudbr0:
> > >
> > > DEVICE=bond0.200
> > > ONBOOT=yes
> > > HOTPLUG=no
> > > BOOTPROTO=none
> > > #TYPE=Ethernet
> > > VLAN=yes
> > > BRIDGE=cloudbr1
> > >
> > > ifcfg-cloudbr0:
> > > DEVICE=cloudbr0
> > > TYPE=Bridge
> > > ONBOOT=yes
> > > BOOTPROTO=none
> > > IPV6INIT=no
> > > IPV6_AUTOCONF=no
> > > DELAY=5
> > > STP=yes
> > > IPADDR=192.168.1.5
> > > GATEWAY=192.168.1.1
> > > NETMASK=255.255.254.0
> > >
> > > ifcfg-cloudbr1:
> > > DEVICE=cloudbr1
> > > TYPE=Bridge
> > > ONBOOT=yes
> > > BOOTPROTO=none
> > > IPV6INIT=no
> > > IPV6_AUTOCONF=no
> > > DELAY=5
> > > STP=yes
> > >
> > >
> > >
> > > On Wed, Sep 19, 2018 at 3:10 PM Simon Weller <sw...@ena.com.invalid>
> > > wrote:
> > >
> > >> Jevgeni,
> > >>
> > >>
> > >> What type of networking are you using on your hosts? If advanced, what
> > >> type of isolation?
> > >>
> > >>
> > >> - Si
> > >>
> > >> ________________________________
> > >> From: Jevgeni Zolotarjov <j....@gmail.com>
> > >> Sent: Wednesday, September 19, 2018 3:17 AM
> > >> To: users@cloudstack.apache.org
> > >> Subject: Unable to communicate to instances on new host - iptables?
> > >>
> > >> Hello!
> > >>
> > >> We are running CS 4.11.1 on CentOS7 (latest)
> > >>
> > >> Previously the installation had just 1 KVM host.
> > >> Now we added another identical host.
> > >> After some configuration hassle with libvirtd, new host is up and running.
> > >>
> > >> I followed strictly the host installation guide for 4.11.
> > >> But instances running on new host are not accessible via tcp/ip. Neither
> > >> can they access the network.
> > >>
> > >> I found out that stopping iptables on new host resolves the problem. But
> > >> this is not the solution, I guess.
> > >>
> > >> Please help.
> > >>
> > >
> >
>