Posted to users@cloudstack.apache.org by Nik Martin <ni...@nfinausa.com> on 2012/12/01 19:29:02 UTC

Re: ICMP traffic will not traverse

On 11/26/2012 11:01 AM, Michael Hart-Jones wrote:
> The Security policies in place show 0.0.0.0/0 allowing ports 0-65535 
> on UDP and TCP. I have tried to do the same thing with ICMP but with 
> no luck.
>
Make sure you also create a rule for cidr 0.0.0.0/0 on protocol ICMP, 
with type 8 (echo) and code 0
THEN make sure the vm you are pinging is not also dropping pings via 
some firewall rule.

> ---
> Michael Hart-Jones BEng 		
> E-Mail: mhartjones@accessit.co.uk <ma...@accessit.co.uk>
> Tel: (01227) 750555
> Fax: (01227) 750070
>
> On 26/11/12 16:57, Boylan, James wrote:
>>
>> This is a normal behavior for VMs within an isolated basic network. 
>> They don’t pass any traffic except port 22 for SSH and that only 
>> works if the egress rules are in place.
>>
>> --James
>>
>> *From:*Michael Hart-Jones [mailto:mhartjones@accessit.co.uk]
>> *Sent:* Monday, November 26, 2012 10:50 AM
>> *To:* cloudstack-users@incubator.apache.org
>> *Subject:* ICMP traffic will not traverse
>>
>> I am having an issue with my servers. The setup is as follows
>>
>> _Management Server, Host1 and Host2_
>> Centos 6.2
>> Cloudstack 3.0.2
>>
>> The server was set up by a colleague who has left since but I have 
>> noticed that we do not have the ability to send ICMP traffic to our 
>> virtualised hosts, prime example being ping.
>> I can see he has set up basic networking, and I do not have the time 
>> to try and change this over. I have tried to set up the security 
>> policies to allow it but I cannot get any response. Has anyone got 
>> any ideas where I should start looking?
>>
>> ---
>> Michael Hart-Jones BEng
>> E-Mail: mhartjones@accessit.co.uk <ma...@accessit.co.uk>
>> Tel: (01227) 750555
>> Fax: (01227) 750070
>>
>> ------------------------------------------------------------------------
>>
>> *************************************************************************************************
>> Disclaimer: This message may only be read in context and with common 
>> sense.
>> If concerned by it or in doubt, please destroy it. If this message is 
>> not meant for you,
>> we have made a mistake and would appreciate your help. We promise 
>> that we mean
>> no offence and will endeavour to rectify our mistake.
>>
>> Our full contact details can be found on www.accessit.co.uk 
>> <http://www.accessit.co.uk>
>>
>> Company number: 3117204
>> *************************************************************************************************


Re: ICMP traffic will not traverse

Posted by Michael Hart-Jones <mh...@accessit.co.uk>.
And that was the end of that problem. Thank you guys.
---
Michael Hart-Jones BEng 		
E-Mail: mhartjones@accessit.co.uk <ma...@accessit.co.uk>
Tel: (01227) 750555
Fax: (01227) 750070

On 03/12/12 19:18, Chiradeep Vittal wrote:
> Icmp type/code any/any maps to -1/-1 in the API, not 0/0

Re: ICMP traffic will not traverse

Posted by Chiradeep Vittal <Ch...@citrix.com>.
Icmp type/code any/any maps to -1/-1 in the API, not 0/0

From: Michael Hart-Jones <mh...@accessit.co.uk>
Reply-To: CloudStack Users <cl...@incubator.apache.org>
Date: Mon, 3 Dec 2012 04:04:56 -0800
To: CloudStack Users <cl...@incubator.apache.org>
Subject: Re: ICMP traffic will not traverse

Thanks Jayapal,
The systems are accessible on UDP and TCP protocols due to the current security policy.

Current rules allow traffic ingress on ports 0 - 65535 on UDP and TCP to 0.0.0.0/0, and on the egress too, and there are no issues with this.
However the ICMP is set up with type 0 and code 0 to 0.0.0.0/0. I have also set up type 8 and code 0, the type and code used by ping, to 0.0.0.0/0 but have no luck.

Any other thoughts?
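
Added example (not part of the thread and not CloudStack code): a simplified model of how an ICMP ingress rule's type/code pair is compared with a packet, using -1 as the "any" value described above. IcmpRule and the helper functions are hypothetical names, the packets are constructed in the script, and api_params() only assembles parameters for the CloudStack authorizeSecurityGroupIngress command without sending anything.

```python
import ipaddress
import struct
from dataclasses import dataclass

ANY = -1                          # per the thread: "any" is -1 in the API; 0 is a real value
ECHO_REPLY, ECHO_REQUEST = 0, 8   # ICMP types from RFC 792


@dataclass(frozen=True)
class IcmpRule:
    """Hypothetical model of one ICMP ingress rule in a security group."""
    cidr: str
    icmp_type: int
    icmp_code: int

    def matches(self, src_ip: str, pkt_type: int, pkt_code: int) -> bool:
        in_cidr = ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.cidr)
        type_ok = self.icmp_type in (ANY, pkt_type)
        code_ok = self.icmp_code in (ANY, pkt_code)
        return in_cidr and type_ok and code_ok

    def api_params(self, group_name: str) -> dict:
        """Parameters for authorizeSecurityGroupIngress (built here, not sent)."""
        return {
            "command": "authorizeSecurityGroupIngress",
            "securitygroupname": group_name,
            "protocol": "icmp",
            "cidrlist": self.cidr,
            "icmptype": self.icmp_type,
            "icmpcode": self.icmp_code,
        }


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_icmp(icmp_type: int, icmp_code: int, ident: int, seq: int,
               payload: bytes = b"constructed") -> bytes:
    """Build an echo-style ICMP message (constructed sample input)."""
    header = struct.pack("!BBHHH", icmp_type, icmp_code, 0, ident, seq)
    csum = inet_checksum(header + payload)
    return struct.pack("!BBHHH", icmp_type, icmp_code, csum, ident, seq) + payload


def parse_icmp(packet: bytes) -> tuple:
    """Return (type, code) after validating length and checksum."""
    if len(packet) < 8:
        raise ValueError("ICMP message shorter than its 8-byte header")
    if inet_checksum(packet) != 0:
        raise ValueError("bad ICMP checksum")
    return struct.unpack("!BB", packet[:2])


def ingress_allowed(rules, src_ip: str, packet: bytes) -> bool:
    """True if any rule admits the packet; no matching rule means drop."""
    pkt_type, pkt_code = parse_icmp(packet)
    return any(r.matches(src_ip, pkt_type, pkt_code) for r in rules)


if __name__ == "__main__":
    ping = build_icmp(ECHO_REQUEST, 0, ident=0x1234, seq=1)
    src = "192.0.2.10"  # documentation address, constructed
    candidates = {
        "type 0 / code 0 (echo reply only)": IcmpRule("0.0.0.0/0", 0, 0),
        "type 8 / code 0 (echo request)": IcmpRule("0.0.0.0/0", 8, 0),
        "type -1 / code -1 (any/any)": IcmpRule("0.0.0.0/0", ANY, ANY),
    }
    for label, rule in candidates.items():
        verdict = "allow" if ingress_allowed([rule], src, ping) else "drop"
        print(f"{label:36s} -> {verdict}")
    # The narrow rule is enough for ping in this model; any/any admits
    # every ICMP type from the whole CIDR.
    print(candidates["type 8 / code 0 (echo request)"].api_params("default"))
```
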

Re: ICMP traffic will not traverse

Posted by Michael Hart-Jones <mh...@accessit.co.uk>.
Thanks Jayapal,
The systems are accessible on UDP and TCP protocols due to the current 
security policy.

Current rules allow traffic ingress on ports 0 - 65535 on UDP and TCP to 
0.0.0.0/0, and on the egress too, and there are no issues with this.
However the ICMP is set up with type 0 and code 0 to 0.0.0.0/0. I have 
also set up type 8 and code 0, the type and code used by ping, to 
0.0.0.0/0 but have no luck.

Any other thoughts?
---
Michael Hart-Jones BEng 		
E-Mail: mhartjones@accessit.co.uk <ma...@accessit.co.uk>
Tel: (01227) 750555
Fax: (01227) 750070

On 03/12/12 11:57, Jayapal Reddy Uradi wrote:
>
> You can't ping the guest VM from the public network.
>
> Adding icmp rule on public IP allows to ping only public IP but not 
> the guest VM.
>
> From cloudstack UI  you can reach the guest VM tcp/udp ports.
>
> Below are the steps to ssh to guest vm from the public network:
>
> 1. Acquire public IP P1, on the network.
>
> 2. Add firewall rule 0.0.0.0/0 tcp 22-22
>
> 3. Add port forwarding rule with ports 22-22 and guest VM.
>
> 4. After this, ssh to P1 will give access to the guest VM.
>
> Thanks,
>
> Jayapal

RE: ICMP traffic will not traverse

Posted by Jayapal Reddy Uradi <ja...@citrix.com>.
You can't ping the guest VM from the public network.
Adding icmp rule on public IP allows to ping only public IP but not the guest VM.

From cloudstack UI you can reach the guest VM tcp/udp ports.
Below are the steps to ssh to guest vm from the public network:

1. Acquire public IP P1, on the network.

2. Add firewall rule 0.0.0.0/0 tcp 22-22

3. Add port forwarding rule with ports 22-22 and guest VM.

4. After this, ssh to P1 will give access to the guest VM.

Thanks,
Jayapal

From: Michael Hart-Jones [mailto:mhartjones@accessit.co.uk]
Sent: Monday, December 03, 2012 3:24 PM
To: cloudstack-users@incubator.apache.org
Subject: Re: ICMP traffic will not traverse

Thanks for that Nik,
I have tried that and I still get no response back.  The instances have no firewall in place.

Re: ICMP traffic will not traverse

Posted by Michael Hart-Jones <mh...@accessit.co.uk>.
Thanks for that Nik,
I have tried that and I still get no response back.  The instances have 
no firewall in place.
---
Michael Hart-Jones BEng 		
E-Mail: mhartjones@accessit.co.uk <ma...@accessit.co.uk>
Tel: (01227) 750555
Fax: (01227) 750070

On 01/12/12 18:29, Nik Martin wrote:
> On 11/26/2012 11:01 AM, Michael Hart-Jones wrote:
>> The Security policies in place show 0.0.0.0/0 allowing ports 0-65535 
>> on UDP and TCP. I have tried to do the same thing with ICMP but with 
>> no luck.
>>
> Make sure you also create a rule for cidr 0.0.0.0/0 on protocol ICMP, 
> with type 8 (echo) and code 0
> THEN make sure the vm you are pinging is not also dropping pings via 
> some firewall rule.
>