Posted to dev@cloudstack.apache.org by Marcus Sorensen <sh...@gmail.com> on 2013/03/14 04:42:30 UTC

basic zone security groups

Quick question, I deployed a basic zone today on 4.1 for testing, and
I chose the default network provider WITHOUT security groups. The
result was that all of the instances deployed could not host services.
They could get out, but nothing could reach their IPs. I ran an
'ebtables -t nat -L' and saw that there were rules set up for each
instance, but there were no security group settings available to
adjust. Is this a bug, or was I doing something wrong?

Re: basic zone security groups

Posted by Marcus Sorensen <sh...@gmail.com>.
Yes, that's exactly what I did. ebtables -F on the instance's inbound
chain. It was the 'DefaultSharedNetworkOffering'. I assumed there were
at least ebtables rules to keep the VM from using IP addresses it
didn't own, but this was like I had security groups turned on, without
the ability to edit the default group. I'd look into it but I'm not
entirely sure what's supposed to happen, as I'm used to the advanced
networking zones sans security groups.

I'll file a bug in Jira.

On Wed, Mar 13, 2013 at 9:45 PM, Ahmad Emneina <ae...@gmail.com> wrote:
> If ebtables -F restores VM service(s)... it sounds like a bug.
>
>
> On Wed, Mar 13, 2013 at 8:42 PM, Marcus Sorensen <sh...@gmail.com> wrote:
>
>> Quick question, I deployed a basic zone today on 4.1 for testing, and
>> I chose the default network provider WITHOUT security groups. The
>> result was that all of the instances deployed could not host services.
>> They could get out, but nothing could reach their IPs. I ran an
>> 'ebtables -t nat -L' and saw that there were rules set up for each
>> instance, but there were no security group settings available to
>> adjust. Is this a bug, or was I doing something wrong?
>>

Re: basic zone security groups

Posted by Ahmad Emneina <ae...@gmail.com>.
If ebtables -F restores VM service(s)... it sounds like a bug.


On Wed, Mar 13, 2013 at 8:42 PM, Marcus Sorensen <sh...@gmail.com> wrote:

> Quick question, I deployed a basic zone today on 4.1 for testing, and
> I chose the default network provider WITHOUT security groups. The
> result was that all of the instances deployed could not host services.
> They could get out, but nothing could reach their IPs. I ran an
> 'ebtables -t nat -L' and saw that there were rules set up for each
> instance, but there were no security group settings available to
> adjust. Is this a bug, or was I doing something wrong?
>