Posted to users@cloudstack.apache.org by Brandon Arms <BA...@dsscorp.com> on 2013/04/30 17:56:06 UTC

virtual router iptables

Has anyone had success in modifying the iptables on a virtual router and making those changes persistent?

Brandon Arms

RE: virtual router iptables

Posted by Oliver Leach <Ol...@tatacommunications.com>.
You could try something like this:

echo "iptables -I INPUT 4 -s [source subnet] -p udp --dport 161 -m state --state NEW,ESTABLISHED -j ACCEPT" >> /etc/rc.local

I had to use that method once for a Nagios install.

Oliver
--

-----Original Message-----
From: Brandon Arms [mailto:BArms@dsscorp.com] 
Sent: Tuesday, April 30, 2013 5:15 PM
To: users@cloudstack.apache.org
Subject: RE: virtual router iptables

Testing SNMP polling of the virtual routers, via their public IP addresses, to retrieve bandwidth info used on the public-facing virtual router interface. I had to add a rule to iptables allowing this, which works, and wanted to make it persistent.

iptables -A INPUT -s [source subnet] -p udp --dport 161 -m state --state NEW,ESTABLISHED -j ACCEPT

I also ran the following on the vrouter which seems to survive the reboot:
apt-get install snmpd
apt-get install snmp
apt-get install snmp-mibs-downloader
sudo download-mibs
chkconfig --add snmpd
chkconfig snmpd on

My experience is not in Linux, but I was able to achieve what I wanted with the exception of making the iptables rule persistent.

Brandon Arms

-----Original Message-----
From: Mathias Mullins [mailto:mathias.mullins@citrix.com]
Sent: Tuesday, April 30, 2013 12:01 PM
To: users@cloudstack.apache.org
Subject: Re: virtual router iptables

Hi Brandon, 

My question is what changes would you look at making and what would the use case be?

As for making them persistent, that is nearly impossible since they are part of the template and they will get overridden upon reboot.

Thanks,
Matt 


On 4/30/13 8:56 AM, "Brandon Arms" <BA...@dsscorp.com> wrote:

>Has anyone had success in modifying the iptables on a virtual router 
>and making those changes persistent?
>
>Brandon Arms
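
An added example, not part of the thread and not CloudStack code: a sketch of the rc.local approach from the reply above that handles two pitfalls of a plain `>>` append, namely a line landing after a final `exit 0` and duplicate lines on repeat runs. The function names, the sample subnet 192.0.2.0/24 and an iptables build that supports `-C` are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Helper names and the sample
# subnet are hypothetical; assumes iptables supports -C (check).

# build_snmp_rule SUBNET: print a boot-script line that inserts the SNMP
# ACCEPT rule only if it is not already loaded.
build_snmp_rule() {
    subnet=$1
    # Allow only digits, dots and a slash, then require IPv4 CIDR shape,
    # so no shell metacharacters can reach the boot script.
    case $subnet in
        *[!0-9./]*|'') return 1 ;;
    esac
    echo "$subnet" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$' || return 1
    spec="-s $subnet -p udp --dport 161 -m state --state NEW,ESTABLISHED -j ACCEPT"
    # "-C" succeeds when the rule exists, so "-I" runs only when it is missing.
    printf 'iptables -C INPUT %s 2>/dev/null || iptables -I INPUT 4 %s\n' "$spec" "$spec"
}

# persist_rule FILE LINE: add LINE to FILE once, ahead of a trailing "exit 0".
persist_rule() {
    file=$1 line=$2
    [ -f "$file" ] || return 1
    grep -Fxq -- "$line" "$file" && return 0   # already present
    tmp=$(mktemp) || return 1
    # A stock Debian rc.local ends in "exit 0"; text appended after that
    # line never runs, so the rule goes in front of it.
    awk -v line="$line" '
        /^exit 0[[:space:]]*$/ && !done { print line; done = 1 }
        { print }
        END { if (!done) print line }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"   # cat keeps mode and owner
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Usage (as root): persist_rule /etc/rc.local "$(build_snmp_rule 192.0.2.0/24)"
```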


RE: virtual router iptables

Posted by Brandon Arms <BA...@dsscorp.com>.
Testing SNMP polling of the virtual routers, via their public IP addresses, to retrieve bandwidth info used on the public-facing virtual router interface. I had to add a rule to iptables allowing this, which works, and wanted to make it persistent.

iptables -A INPUT -s [source subnet] -p udp --dport 161 -m state --state NEW,ESTABLISHED -j ACCEPT

I also ran the following on the vrouter which seems to survive the reboot:
apt-get install snmpd
apt-get install snmp
apt-get install snmp-mibs-downloader
sudo download-mibs
chkconfig --add snmpd
chkconfig snmpd on

My experience is not in Linux, but I was able to achieve what I wanted with the exception of making the iptables rule persistent.

Brandon Arms

-----Original Message-----
From: Mathias Mullins [mailto:mathias.mullins@citrix.com] 
Sent: Tuesday, April 30, 2013 12:01 PM
To: users@cloudstack.apache.org
Subject: Re: virtual router iptables

Hi Brandon, 

My question is what changes would you look at making and what would the use case be?

As for making them persistent, that is nearly impossible since they are part of the template and they will get overridden upon reboot.

Thanks,
Matt 


On 4/30/13 8:56 AM, "Brandon Arms" <BA...@dsscorp.com> wrote:

>Has anyone had success in modifying the iptables on a virtual router 
>and making those changes persistent?
>
>Brandon Arms


Re: virtual router iptables

Posted by Mathias Mullins <ma...@citrix.com>.
Hi Brandon, 

My question is what changes would you look at making and what would the
use case be?

As for making them persistent, that is nearly impossible since they are
part of the template and they will get overridden upon reboot.

Thanks,
Matt 


On 4/30/13 8:56 AM, "Brandon Arms" <BA...@dsscorp.com> wrote:

>Has anyone had success in modifying the iptables on a virtual router and
>making those changes persistent?
>
>Brandon Arms