You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cloudstack.apache.org by Ghaith Bannoura <gb...@etq.com> on 2016/11/21 08:14:30 UTC
Firewall on xenserver
Hello All,
I have ACS 4.8 with xenserver 6.5 I modified the iptables in xenserver and its returned back as default , also I stopped the iptables many times and its returned running again .
Can you please advice where I can modify iptables permanently in xenserver .
Best Regards,
EtQ, Inc.
Ghaith Bannoura
Senior System Administrator
MCT, MCSE (Messaging, Server Infrastructure)
MCSA (Windows Server 2008, 2012), MCP
* Phone: +9626-537-0923 Ext. 376
* Gbannoura@etq.com <ma...@etq.com>
* http://www.etq.com<http://www.etq.com/>
AW:Firewall on xenserver
Posted by Jeroen Keerl <je...@keerl-it.com>.
Hi,
I encountered similar issues yesterday on 4.9 on Xen 6.5: although the DNS servers could be pinged, name resolution was not possible. Same for the agent.
I stopped iptables on my xen hosts and it all started working.
I did a quick and dirty “yum remove iptables“ on my xen hosts.
Now everything is stable.
Von meinem Huawei-Mobiltelefon gesendet
-------- Originalnachricht --------
Betreff: RE: Firewall on xenserver
Von: Ghaith Bannoura
An: users@cloudstack.apache.org
Cc:
The purpose for it as below :
1-the system VMs agent showing not running , after I stopped the firewall in xenservers its working normally
2-the instances accessible only when I stop the iptables from xenservers
2- I installed open manage in the servers (Manage hardware for Dell servers) that need changes from iptables )
I have advanced zone with ACS 4.8 and xenserver 6.5
Best Regards,
EtQ, Inc.
Ghaith Bannoura
Senior System Administrator
MCT, MCSE (Messaging, Server Infrastructure)
MCSA (Windows Server 2008, 2012), MCP
Phone: +9626-537-0923 Ext. 376
P Gbannoura@etq.com
G http://www.etq.com
-----Original Message-----
From: Dag Sonstebo [mailto:Dag.Sonstebo@shapeblue.com]
Sent: Monday, November 21, 2016 11:05 AM
To: users@cloudstack.apache.org
Subject: Re: Firewall on xenserver
Hi Ghait,
Can you explain your rationale - i.e. what is the purpose of you changing XenServer firewall rules?
Citrix seems to have a how-to article on https://support.citrix.com/article/CTX123930 .
Regards,
Dag Sonstebo
Cloud Architect
ShapeBlue
On 21/11/2016, 08:14, "Ghaith Bannoura" <gb...@etq.com> wrote:
Hello All,
I have ACS 4.8 with xenserver 6.5 I modified the iptables in xenserver and its returned back as default , also I stopped the iptables many times and its returned running again .
Can you please advice where I can modify iptables permanently in xenserver .
Best Regards,
EtQ, Inc.
Ghaith Bannoura
Senior System Administrator
MCT, MCSE (Messaging, Server Infrastructure)
MCSA (Windows Server 2008, 2012), MCP
* Phone: +9626-537-0923 Ext. 376
* Gbannoura@etq.com <ma...@etq.com>
* http://www.etq.com<http://www.etq.com/>
Dag.Sonstebo@shapeblue.com
www.shapeblue.com
53 Chandos Place, Covent Garden, London WC2N 4HSUK @shapeblue
Jeroen Keerl
Keerl IT Services GmbH
Birkenstraße 1b . 21521 Aumühle
+49 177 6320 317
www.keerl-it.com
info@keerl-it.com
Geschäftsführer. Jacobus J. Keerl
Registergericht Lubeck. HRB-Nr. 14511
Unsere Allgemeine Geschäftsbedingungen finden Sie hier.
AW: Firewall on xenserver
Posted by Jeroen Keerl <je...@keerl-it.com>.
Hi Dag,
I've spent the last weeks doing some testing with CS4.9 and Xen 6.5 and I did not have this issue before.
Only the last two tests (yesterday and last week) this behaviour popped up, both with clean Xen installations.
Looking though the last hotfixes, this one might be the culprit, although this is rather a gut feeling.
-----Ursprüngliche Nachricht-----
Von: Dag Sonstebo [mailto:Dag.Sonstebo@shapeblue.com]
Gesendet: Montag, 21. November 2016 10:53
An: users@cloudstack.apache.org
Betreff: Re: Firewall on xenserver
Hi Ghait,
This doesn’t sound like normal behavior for XenServer 6.5 under CloudStack – I’m not aware of any issues requiring the XS firewall to be modified.
I would suggest rebuilding your hosts and re-add to CloudStack. With regards to OpenManage – I can see this does require some tweaking of firewalls (http://blog.hostduplex.com/2015/01/31/install-dell-openmanage-xenserver-6-5/ ) – but even this doesn’t require you to disable the firewall (this blog post suggests just adding a rule and restarting iptables).
All in all my advice would be to troubleshoot and fix the underlying issue rather than disabling iptables – which could be a potential security issue.
Regards,
Dag Sonstebo
Cloud Architect
ShapeBlue
On 21/11/2016, 09:39, "Ghaith Bannoura" <gb...@etq.com> wrote:
The purpose for it as below :
1-the system VMs agent showing not running , after I stopped the firewall in xenservers its working normally
2-the instances accessible only when I stop the iptables from xenservers
2- I installed open manage in the servers (Manage hardware for Dell servers) that need changes from iptables )
I have advanced zone with ACS 4.8 and xenserver 6.5
Best Regards,
EtQ, Inc.
Ghaith Bannoura
Senior System Administrator
MCT, MCSE (Messaging, Server Infrastructure)
MCSA (Windows Server 2008, 2012), MCP
Phone: +9626-537-0923 Ext. 376
P Gbannoura@etq.com
G http://www.etq.com
-----Original Message-----
From: Dag Sonstebo [mailto:Dag.Sonstebo@shapeblue.com]
Sent: Monday, November 21, 2016 11:05 AM
To: users@cloudstack.apache.org
Subject: Re: Firewall on xenserver
Hi Ghait,
Can you explain your rationale - i.e. what is the purpose of you changing XenServer firewall rules?
Citrix seems to have a how-to article on https://support.citrix.com/article/CTX123930 .
Regards,
Dag Sonstebo
Cloud Architect
ShapeBlue
On 21/11/2016, 08:14, "Ghaith Bannoura" <gb...@etq.com> wrote:
Hello All,
I have ACS 4.8 with xenserver 6.5 I modified the iptables in xenserver and its returned back as default , also I stopped the iptables many times and its returned running again .
Can you please advice where I can modify iptables permanently in xenserver .
Best Regards,
EtQ, Inc.
Ghaith Bannoura
Senior System Administrator
MCT, MCSE (Messaging, Server Infrastructure)
MCSA (Windows Server 2008, 2012), MCP
* Phone: +9626-537-0923 Ext. 376
* Gbannoura@etq.com <ma...@etq.com>
* http://www.etq.com<http://www.etq.com/>
Dag.Sonstebo@shapeblue.com
www.shapeblue.com
53 Chandos Place, Covent Garden, London WC2N 4HSUK @shapeblue
Dag.Sonstebo@shapeblue.com
www.shapeblue.com
53 Chandos Place, Covent Garden, London WC2N 4HSUK @shapeblue
Jeroen Keerl
Keerl IT Services GmbH
Birkenstraße 1b . 21521 Aumühle
+49 177 6320 317
www.keerl-it.com
info@keerl-it.com
Geschäftsführer. Jacobus J. Keerl
Registergericht Lubeck. HRB-Nr. 14511
Unsere Allgemeine Geschäftsbedingungen finden Sie hier.
Re: Firewall on xenserver
Posted by Dag Sonstebo <Da...@shapeblue.com>.
Hi Ghait,
This doesn’t sound like normal behavior for XenServer 6.5 under CloudStack – I’m not aware of any issues requiring the XS firewall to be modified.
I would suggest rebuilding your hosts and re-add to CloudStack. With regards to OpenManage – I can see this does require some tweaking of firewalls (http://blog.hostduplex.com/2015/01/31/install-dell-openmanage-xenserver-6-5/ ) – but even this doesn’t require you to disable the firewall (this blog post suggests just adding a rule and restarting iptables).
All in all my advice would be to troubleshoot and fix the underlying issue rather than disabling iptables – which could be a potential security issue.
Regards,
Dag Sonstebo
Cloud Architect
ShapeBlue
On 21/11/2016, 09:39, "Ghaith Bannoura" <gb...@etq.com> wrote:
The purpose for it as below :
1-the system VMs agent showing not running , after I stopped the firewall in xenservers its working normally
2-the instances accessible only when I stop the iptables from xenservers
2- I installed open manage in the servers (Manage hardware for Dell servers) that need changes from iptables )
I have advanced zone with ACS 4.8 and xenserver 6.5
Best Regards,
EtQ, Inc.
Ghaith Bannoura
Senior System Administrator
MCT, MCSE (Messaging, Server Infrastructure)
MCSA (Windows Server 2008, 2012), MCP
Phone: +9626-537-0923 Ext. 376
P Gbannoura@etq.com
G http://www.etq.com
-----Original Message-----
From: Dag Sonstebo [mailto:Dag.Sonstebo@shapeblue.com]
Sent: Monday, November 21, 2016 11:05 AM
To: users@cloudstack.apache.org
Subject: Re: Firewall on xenserver
Hi Ghait,
Can you explain your rationale - i.e. what is the purpose of you changing XenServer firewall rules?
Citrix seems to have a how-to article on https://support.citrix.com/article/CTX123930 .
Regards,
Dag Sonstebo
Cloud Architect
ShapeBlue
On 21/11/2016, 08:14, "Ghaith Bannoura" <gb...@etq.com> wrote:
Hello All,
I have ACS 4.8 with xenserver 6.5 I modified the iptables in xenserver and its returned back as default , also I stopped the iptables many times and its returned running again .
Can you please advice where I can modify iptables permanently in xenserver .
Best Regards,
EtQ, Inc.
Ghaith Bannoura
Senior System Administrator
MCT, MCSE (Messaging, Server Infrastructure)
MCSA (Windows Server 2008, 2012), MCP
* Phone: +9626-537-0923 Ext. 376
* Gbannoura@etq.com <ma...@etq.com>
* http://www.etq.com<http://www.etq.com/>
Dag.Sonstebo@shapeblue.com
www.shapeblue.com
53 Chandos Place, Covent Garden, London WC2N 4HSUK @shapeblue
Dag.Sonstebo@shapeblue.com
www.shapeblue.com
53 Chandos Place, Covent Garden, London WC2N 4HSUK
@shapeblue
RE: Firewall on xenserver
Posted by Ghaith Bannoura <gb...@etq.com>.
The purpose for it as below :
1-the system VMs agent showing not running , after I stopped the firewall in xenservers its working normally
2-the instances accessible only when I stop the iptables from xenservers
2- I installed open manage in the servers (Manage hardware for Dell servers) that need changes from iptables )
I have advanced zone with ACS 4.8 and xenserver 6.5
Best Regards,
EtQ, Inc.
Ghaith Bannoura
Senior System Administrator
MCT, MCSE (Messaging, Server Infrastructure)
MCSA (Windows Server 2008, 2012), MCP
Phone: +9626-537-0923 Ext. 376
P Gbannoura@etq.com
G http://www.etq.com
-----Original Message-----
From: Dag Sonstebo [mailto:Dag.Sonstebo@shapeblue.com]
Sent: Monday, November 21, 2016 11:05 AM
To: users@cloudstack.apache.org
Subject: Re: Firewall on xenserver
Hi Ghait,
Can you explain your rationale - i.e. what is the purpose of you changing XenServer firewall rules?
Citrix seems to have a how-to article on https://support.citrix.com/article/CTX123930 .
Regards,
Dag Sonstebo
Cloud Architect
ShapeBlue
On 21/11/2016, 08:14, "Ghaith Bannoura" <gb...@etq.com> wrote:
Hello All,
I have ACS 4.8 with xenserver 6.5 I modified the iptables in xenserver and its returned back as default , also I stopped the iptables many times and its returned running again .
Can you please advice where I can modify iptables permanently in xenserver .
Best Regards,
EtQ, Inc.
Ghaith Bannoura
Senior System Administrator
MCT, MCSE (Messaging, Server Infrastructure)
MCSA (Windows Server 2008, 2012), MCP
* Phone: +9626-537-0923 Ext. 376
* Gbannoura@etq.com <ma...@etq.com>
* http://www.etq.com<http://www.etq.com/>
Dag.Sonstebo@shapeblue.com
www.shapeblue.com
53 Chandos Place, Covent Garden, London WC2N 4HSUK @shapeblue
Re: Firewall on xenserver
Posted by Dag Sonstebo <Da...@shapeblue.com>.
Hi Ghait,
Can you explain your rationale - i.e. what is the purpose of you changing XenServer firewall rules?
Citrix seems to have a how-to article on https://support.citrix.com/article/CTX123930 .
Regards,
Dag Sonstebo
Cloud Architect
ShapeBlue
On 21/11/2016, 08:14, "Ghaith Bannoura" <gb...@etq.com> wrote:
Hello All,
I have ACS 4.8 with xenserver 6.5 I modified the iptables in xenserver and its returned back as default , also I stopped the iptables many times and its returned running again .
Can you please advice where I can modify iptables permanently in xenserver .
Best Regards,
EtQ, Inc.
Ghaith Bannoura
Senior System Administrator
MCT, MCSE (Messaging, Server Infrastructure)
MCSA (Windows Server 2008, 2012), MCP
* Phone: +9626-537-0923 Ext. 376
* Gbannoura@etq.com <ma...@etq.com>
* http://www.etq.com<http://www.etq.com/>
Dag.Sonstebo@shapeblue.com
www.shapeblue.com
53 Chandos Place, Covent Garden, London WC2N 4HSUK
@shapeblue