Posted to users@cloudstack.apache.org by Jevgeni Zolotarjov <j....@gmail.com> on 2018/09/19 08:17:29 UTC

Unable to communicate to instances on new host - iptables?

Hello!

We are running CS 4.11.1 on CentOS7 (latest)

Previously the installation had just 1 KVM host.
Now we added another identical host.
After some configuration hassle with libvirtd, new host is up and running.

I followed strictly the host installation guide for 4.11.
But instances running on the new host are not accessible via TCP/IP. Nor
can they access the network.

I found out that stopping iptables on new host resolves the problem. But
this is not the solution, I guess.

Please help.

Re: ***UNCHECKED*** Re: Unable to communicate to instances on new host - iptables?

Posted by Jevgeni Zolotarjov <j....@gmail.com>.
Hello

Can you tell me how I can find out whether this is my guest network?

This is what I find in configuration for the guestnetwork:
Name: defaultGuestNetwork
Type: Shared
State: Setup
VPC ID: N/A
Persistent: No
broadcasturi: vlan://untagged
Network CIDR:
IPv6 Gateway:
IPv6 CIDR:
Reserved IP Range:
Redundant Router: No
Network domain: cs1cloud.internal


I guess, the answer to your question is NO. But how do I make proper
configuration?

best regards,
Jevgeni


On Wed, Sep 19, 2018 at 4:53 PM Simon Weller <sw...@ena.com.invalid>
wrote:

> Is your guest network the bond0.200?

***UNCHECKED*** Re: Unable to communicate to instances on new host - iptables?

Posted by Simon Weller <sw...@ena.com.INVALID>.
Is your guest network the bond0.200?




________________________________
From: Jevgeni Zolotarjov <j....@gmail.com>
Sent: Wednesday, September 19, 2018 9:34 AM
To: users@cloudstack.apache.org
Subject: Re: Unable to communicate to instances on new host - iptables?

sure

iptables:
*mangle
:PREROUTING ACCEPT [4215:32894293]
:INPUT ACCEPT [3585:32849592]
:FORWARD ACCEPT [756:57998]
:OUTPUT ACCEPT [3739:715406]
:POSTROUTING ACCEPT [4495:773404]
COMMIT

*nat
:PREROUTING ACCEPT [22:3593]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [3:4508]
:POSTROUTING ACCEPT [25:8101]
COMMIT

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [28:1788]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 49152:49216 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5900:6100 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 16509 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1798 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i lo -m comment --comment "Allow all loopback traffic" -j ACCEPT
-A INPUT -d 127.0.0.0/8 ! -i lo -m comment --comment "Drop all traffic to 127 that doesn\'t use lo" -j REJECT --reject-with icmp-port-unreachable
-A INPUT -m comment --comment "Accept all incoming" -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -m comment --comment "Allow all incoming on established connections" -j ACCEPT
-A OUTPUT -m comment --comment "Accept all outgoing" -j ACCEPT
COMMIT



Re: Unable to communicate to instances on new host - iptables?

Posted by Jevgeni Zolotarjov <j....@gmail.com>.
sure

iptables:
*mangle
:PREROUTING ACCEPT [4215:32894293]
:INPUT ACCEPT [3585:32849592]
:FORWARD ACCEPT [756:57998]
:OUTPUT ACCEPT [3739:715406]
:POSTROUTING ACCEPT [4495:773404]
COMMIT

*nat
:PREROUTING ACCEPT [22:3593]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [3:4508]
:POSTROUTING ACCEPT [25:8101]
COMMIT

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [28:1788]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 49152:49216 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5900:6100 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 16509 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1798 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i lo -m comment --comment "Allow all loopback traffic" -j ACCEPT
-A INPUT -d 127.0.0.0/8 ! -i lo -m comment --comment "Drop all traffic to 127 that doesn\'t use lo" -j REJECT --reject-with icmp-port-unreachable
-A INPUT -m comment --comment "Accept all incoming" -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -m comment --comment "Allow all incoming on established connections" -j ACCEPT
-A OUTPUT -m comment --comment "Accept all outgoing" -j ACCEPT
COMMIT


On Wed, Sep 19, 2018 at 5:31 PM Simon Weller <sw...@ena.com.invalid>
wrote:

> Can you provide your iptables rules on your hosts?
>
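
An added example, not part of the original post or of CloudStack: a small parser for iptables-save output like the dump above that reports, per filter chain, whether the policy alone decides every packet and which rules can never match because an earlier rule without match conditions already accepts everything. The function names (parse_rule, parse_filter, audit) are hypothetical, and the sample input is a constructed excerpt modelled on the posted rules.

```python
import shlex

# Constructed sample modelled on the *filter table in the post above
# (wrapped lines rejoined, port rules trimmed); not a capture from a host.
SAMPLE = r'''*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [28:1788]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i lo -m comment --comment "Allow all loopback traffic" -j ACCEPT
-A INPUT -d 127.0.0.0/8 ! -i lo -m comment --comment "Drop all traffic to 127 that doesn\'t use lo" -j REJECT --reject-with icmp-port-unreachable
-A INPUT -m comment --comment "Accept all incoming" -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -m comment --comment "Allow all incoming on established connections" -j ACCEPT
-A OUTPUT -m comment --comment "Accept all outgoing" -j ACCEPT
COMMIT
'''

TERMINAL = {"ACCEPT", "DROP", "REJECT"}  # targets that end chain traversal


def parse_rule(tokens):
    """Split the options of one -A line into match conditions, comment and target."""
    target, comment, conds, i = None, "", [], 0
    while i < len(tokens):
        t = tokens[i]
        if t in ("-j", "--jump"):
            target = tokens[i + 1]
            break  # anything after the target is a target option (--reject-with ...)
        if t == "-m" and tokens[i + 1:i + 2] == ["comment"]:
            i += 2  # the comment module does not restrict what the rule matches
        elif t == "--comment":
            comment = tokens[i + 1]
            i += 2
        else:
            conds.append(t)
            i += 1
    return {"target": target, "comment": comment, "conds": conds}


def parse_filter(dump):
    """Return {chain: {"policy": ..., "rules": [...]}} for the *filter table only."""
    chains, table = {}, None
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith("*"):
            table = line[1:]
        elif line == "COMMIT":
            table = None
        elif table == "filter" and line.startswith(":"):
            name, policy = line[1:].split()[:2]
            chains[name] = {"policy": policy, "rules": []}
        elif table == "filter" and line.startswith("-A "):
            tokens = shlex.split(line)
            chain = chains.setdefault(tokens[1], {"policy": "-", "rules": []})
            chain["rules"].append(parse_rule(tokens[2:]))
    return chains


def audit(dump):
    """List (chain, kind, detail) findings in rule order."""
    findings = []
    for name, chain in parse_filter(dump).items():
        if not chain["rules"]:
            findings.append((name, "no-rules", f"policy {chain['policy']} decides every packet"))
        catch_all = None
        for idx, rule in enumerate(chain["rules"], 1):
            label = rule["comment"] or rule["target"]
            if catch_all is not None:
                findings.append((name, "shadowed", f"rule {idx} ({label}) is never reached; rule {catch_all} matches first"))
            elif not rule["conds"] and rule["target"] in TERMINAL:
                catch_all = idx
                findings.append((name, "catch-all", f"rule {idx} ({label}) sends every remaining packet to {rule['target']}"))
    return findings


if __name__ == "__main__":
    for chain, kind, detail in audit(SAMPLE):
        print(f"{chain}: {kind}: {detail}")
```

Run against the full dump in this post it reports the same four kinds of finding with higher rule numbers, since the additional port rules all carry match conditions.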

Re: Unable to communicate to instances on new host - iptables?

Posted by Simon Weller <sw...@ena.com.INVALID>.
Can you provide your iptables rules on your hosts?



________________________________
From: Jevgeni Zolotarjov <j....@gmail.com>
Sent: Wednesday, September 19, 2018 9:29 AM
To: users@cloudstack.apache.org
Subject: Re: Unable to communicate to instances on new host - iptables?

sorry. corrected network config

ifcfg-bond0:
TYPE=Bond
BONDING_MASTER=yes
BONDING_OPTS="mode=802.3ad miimon=100 updelay=0 downdelay=0"
DEVICE=bond0
ONBOOT=yes
BOOTPROTO=none
USERCTL=no
HOTPLUG=no
BRIDGE=cloudbr0
NM_CONTROLLED=no

ifcfg-bond0.200:
DEVICE=bond0.200
ONBOOT=yes
HOTPLUG=no
BOOTPROTO=none
VLAN=yes
BRIDGE=cloudbr1


ifcfg-cloudbr0:
DEVICE=cloudbr0
TYPE=Bridge
ONBOOT=yes
BOOTPROTO=none
IPV6INIT=no
IPV6_AUTOCONF=no
DELAY=5
STP=yes
IPADDR=192.168.1.5
GATEWAY=192.168.1.1
NETMASK=255.255.254.0

ifcfg-cloudbr1:
DEVICE=cloudbr1
TYPE=Bridge
ONBOOT=yes
BOOTPROTO=none
IPV6INIT=no
IPV6_AUTOCONF=no
DELAY=5
STP=yes


Re: Unable to communicate to instances on new host - iptables?

Posted by Jevgeni Zolotarjov <j....@gmail.com>.
sorry. corrected network config

ifcfg-bond0:
TYPE=Bond
BONDING_MASTER=yes
BONDING_OPTS="mode=802.3ad miimon=100 updelay=0 downdelay=0"
DEVICE=bond0
ONBOOT=yes
BOOTPROTO=none
USERCTL=no
HOTPLUG=no
BRIDGE=cloudbr0
NM_CONTROLLED=no

ifcfg-bond0.200:
DEVICE=bond0.200
ONBOOT=yes
HOTPLUG=no
BOOTPROTO=none
VLAN=yes
BRIDGE=cloudbr1


ifcfg-cloudbr0:
DEVICE=cloudbr0
TYPE=Bridge
ONBOOT=yes
BOOTPROTO=none
IPV6INIT=no
IPV6_AUTOCONF=no
DELAY=5
STP=yes
IPADDR=192.168.1.5
GATEWAY=192.168.1.1
NETMASK=255.255.254.0

ifcfg-cloudbr1:
DEVICE=cloudbr1
TYPE=Bridge
ONBOOT=yes
BOOTPROTO=none
IPV6INIT=no
IPV6_AUTOCONF=no
DELAY=5
STP=yes

On Wed, Sep 19, 2018 at 5:27 PM Jevgeni Zolotarjov <j....@gmail.com>
wrote:

> Hi Simon,
>
> I am not using advanced network.
>
> Here is my network configuration
> ifcfg-bond0:
> TYPE=Bond
> BONDING_MASTER=yes
> BONDING_OPTS="mode=802.3ad miimon=100 updelay=0 downdelay=0"
> DEVICE=bond0
> ONBOOT=yes
> BOOTPROTO=none
> USERCTL=no
> HOTPLUG=no
> BRIDGE=cloudbr0
> NM_CONTROLLED=no
>
> ifcfg-bond0.200:
> DEVICE=bond0.200
> ONBOOT=yes
> HOTPLUG=no
> BOOTPROTO=none
> VLAN=yes
> BRIDGE=cloudbr1
>
> ifcfg-cloudbr0:
>
> DEVICE=bond0.200
> ONBOOT=yes
> HOTPLUG=no
> BOOTPROTO=none
> #TYPE=Ethernet
> VLAN=yes
> BRIDGE=cloudbr1
>
> ifcfg-cloudbr0:
> DEVICE=cloudbr0
> TYPE=Bridge
> ONBOOT=yes
> BOOTPROTO=none
> IPV6INIT=no
> IPV6_AUTOCONF=no
> DELAY=5
> STP=yes
> IPADDR=192.168.1.5
> GATEWAY=192.168.1.1
> NETMASK=255.255.254.0
>
> ifcfg-cloudbr1:
> DEVICE=cloudbr1
> TYPE=Bridge
> ONBOOT=yes
> BOOTPROTO=none
> IPV6INIT=no
> IPV6_AUTOCONF=no
> DELAY=5
> STP=yes

Re: Unable to communicate to instances on new host - iptables?

Posted by Jevgeni Zolotarjov <j....@gmail.com>.
Hi Simon,

I am not using advanced network.

Here is my network configuration
ifcfg-bond0:
TYPE=Bond
BONDING_MASTER=yes
BONDING_OPTS="mode=802.3ad miimon=100 updelay=0 downdelay=0"
DEVICE=bond0
ONBOOT=yes
BOOTPROTO=none
USERCTL=no
HOTPLUG=no
BRIDGE=cloudbr0
NM_CONTROLLED=no

ifcfg-bond0.200:
DEVICE=bond0.200
ONBOOT=yes
HOTPLUG=no
BOOTPROTO=none
VLAN=yes
BRIDGE=cloudbr1

ifcfg-cloudbr0:

DEVICE=bond0.200
ONBOOT=yes
HOTPLUG=no
BOOTPROTO=none
#TYPE=Ethernet
VLAN=yes
BRIDGE=cloudbr1

ifcfg-cloudbr0:
DEVICE=cloudbr0
TYPE=Bridge
ONBOOT=yes
BOOTPROTO=none
IPV6INIT=no
IPV6_AUTOCONF=no
DELAY=5
STP=yes
IPADDR=192.168.1.5
GATEWAY=192.168.1.1
NETMASK=255.255.254.0

ifcfg-cloudbr1:
DEVICE=cloudbr1
TYPE=Bridge
ONBOOT=yes
BOOTPROTO=none
IPV6INIT=no
IPV6_AUTOCONF=no
DELAY=5
STP=yes



On Wed, Sep 19, 2018 at 3:10 PM Simon Weller <sw...@ena.com.invalid>
wrote:

> Jevgeni,
>
>
> What type of networking are you using on your hosts? If advanced, what
> type of isolation?
>
>
> - Si

Re: Unable to communicate to instances on new host - iptables?

Posted by Simon Weller <sw...@ena.com.INVALID>.
Jevgeni,


What type of networking are you using on your hosts? If advanced, what type of isolation?


- Si

________________________________
From: Jevgeni Zolotarjov <j....@gmail.com>
Sent: Wednesday, September 19, 2018 3:17 AM
To: users@cloudstack.apache.org
Subject: Unable to communicate to instances on new host - iptables?

Hello!

We are running CS 4.11.1 on CentOS7 (latest)

Previously the installation had just 1 KVM host.
Now we added another identical host.
After some configuration hassle with libvirtd, new host is up and running.

I followed strictly the host installation guide for 4.11.
But instances running on new host are not accessible via tcp/ip. Neither
they can access network.

I found out that stopping iptables on new host resolves the problem. But
this is not the solution, I guess.

Please help.