Posted to users@cloudstack.apache.org by soundar rajan <bs...@gmail.com> on 2019/03/01 05:27:22 UTC

Re: Not able to access the vm from outside network

Hi Jon,

Thanks, that fixes the error, but I am still not able to ping the VM.


2019-03-01 10:46:23,246 - ipset -A i-2-40-VM-6 fe80::1c00:26ff:fe00:9d
2019-03-01 10:46:23,261 - ip6tables -A BF-cloudbr0-OUT -m physdev
--physdev-is-bridged --physdev-out vnet2 -j i-2-40-def
2019-03-01 10:46:23,277 - ip6tables -A BF-cloudbr0-IN -m physdev
--physdev-is-bridged --physdev-in vnet2 -j i-2-40-def
2019-03-01 10:46:23,293 - ip6tables -A i-2-40-def -m state --state
RELATED,ESTABLISHED -j ACCEPT
2019-03-01 10:46:23,309 - ip6tables -A i-2-40-def -m physdev
--physdev-is-bridged --physdev-out vnet2 --src fe80::/64 --dst ff02::1 -p
icmpv6 --icmpv6-type router-advertisement -m hl --hl-eq 255 -j ACCEPT
2019-03-01 10:46:23,327 - ip6tables -A i-2-40-def -m physdev
--physdev-is-bridged --physdev-in vnet2 --dst ff02::2 -p icmpv6
--icmpv6-type router-solicitation -m hl --hl-eq 255 -j RETURN
2019-03-01 10:46:23,344 - ip6tables -A i-2-40-def -m physdev
--physdev-is-bridged --physdev-in vnet2 -p icmpv6 --icmpv6-type
router-advertisement -j DROP
2019-03-01 10:46:23,361 - ip6tables -A i-2-40-def -m physdev
--physdev-is-bridged --physdev-in vnet2 -p icmpv6 --icmpv6-type
neighbor-solicitation -m hl --hl-eq 255 -j RETURN
2019-03-01 10:46:23,378 - ip6tables -A i-2-40-def -m physdev
--physdev-is-bridged --physdev-out vnet2 -p icmpv6 --icmpv6-type
neighbor-solicitation -m hl --hl-eq 255 -j ACCEPT
2019-03-01 10:46:23,395 - ip6tables -A i-2-40-def -m physdev
--physdev-is-bridged --physdev-in vnet2 -p icmpv6 --icmpv6-type
neighbor-advertisement -m set --match-set i-2-40-VM-6 src -m hl --hl-eq 255
-j RETURN
2019-03-01 10:46:23,412 - ip6tables -A i-2-40-def -m physdev
--physdev-is-bridged --physdev-out vnet2 -p icmpv6 --icmpv6-type
neighbor-advertisement -m hl --hl-eq 255 -j ACCEPT
2019-03-01 10:46:23,430 - ip6tables -A i-2-40-def -m physdev
--physdev-is-bridged --physdev-in vnet2 -p icmpv6 --icmpv6-type
packet-too-big -m set --match-set i-2-40-VM-6 src -j RETURN
2019-03-01 10:46:23,447 - ip6tables -A i-2-40-def -m physdev
--physdev-is-bridged --physdev-out vnet2 -p icmpv6 --icmpv6-type
packet-too-big -j ACCEPT
2019-03-01 10:46:23,464 - ip6tables -A i-2-40-def -m physdev
--physdev-is-bridged --physdev-in vnet2 -p icmpv6 --icmpv6-type
destination-unreachable -m set --match-set i-2-40-VM-6 src -j RETURN
2019-03-01 10:46:23,482 - ip6tables -A i-2-40-def -m physdev
--physdev-is-bridged --physdev-out vnet2 -p icmpv6 --icmpv6-type
destination-unreachable -j ACCEPT
2019-03-01 10:46:23,499 - ip6tables -A i-2-40-def -m physdev
--physdev-is-bridged --physdev-in vnet2 -p icmpv6 --icmpv6-type
time-exceeded -m set --match-set i-2-40-VM-6 src -j RETURN
2019-03-01 10:46:23,516 - ip6tables -A i-2-40-def -m physdev
--physdev-is-bridged --physdev-out vnet2 -p icmpv6 --icmpv6-type
time-exceeded -j ACCEPT
2019-03-01 10:46:23,533 - ip6tables -A i-2-40-def -m physdev
--physdev-is-bridged --physdev-in vnet2 -p icmpv6 --icmpv6-type
parameter-problem -m set --match-set i-2-40-VM-6 src -j RETURN
2019-03-01 10:46:23,551 - ip6tables -A i-2-40-def -m physdev
--physdev-is-bridged --physdev-out vnet2 -p icmpv6 --icmpv6-type
parameter-problem -j ACCEPT
2019-03-01 10:46:23,568 - ip6tables -A i-2-40-def -m physdev
--physdev-is-bridged --physdev-in vnet2 -p icmpv6 --dst ff02::16 -j RETURN
2019-03-01 10:46:23,585 - ip6tables -A i-2-40-def -m physdev
--physdev-is-bridged --physdev-in vnet2 -p udp --sport 546 --dst ff02::1:2
--src fe80::1c00:26ff:fe00:9d -j RETURN
2019-03-01 10:46:23,602 - ip6tables -A i-2-40-def -m physdev
--physdev-is-bridged --physdev-out vnet2 -p udp --src fe80::/64 --dport 546
--dst fe80::1c00:26ff:fe00:9d -j ACCEPT
2019-03-01 10:46:23,620 - ip6tables -A i-2-40-def -m physdev
--physdev-is-bridged --physdev-in vnet2 -p udp --sport 547 ! --dst
fe80::/64 -j DROP
2019-03-01 10:46:23,637 - ip6tables -A i-2-40-def -m physdev
--physdev-is-bridged --physdev-in vnet2 -p udp --dport 53 -m set
--match-set i-2-40-VM-6 src -j RETURN
2019-03-01 10:46:23,655 - ip6tables -A i-2-40-def -m physdev
--physdev-is-bridged --physdev-in vnet2 -p tcp --dport 53 -m set
--match-set i-2-40-VM-6 src -j RETURN
2019-03-01 10:46:23,672 - ip6tables -A i-2-40-def -m physdev
--physdev-is-bridged --physdev-in vnet2 -m set ! --match-set i-2-40-VM-6
src -j DROP
2019-03-01 10:46:23,689 - ip6tables -A i-2-40-def -m physdev
--physdev-is-bridged --physdev-in vnet2 -m set --match-set i-2-40-VM-6 src
-j i-2-40-VM-eg
2019-03-01 10:46:23,706 - ip6tables -A i-2-40-def -m physdev
--physdev-is-bridged --physdev-out vnet2 -j i-2-40-VM
2019-03-01 10:46:23,723 - ip6tables -A i-2-40-VM -j DROP
2019-03-01 10:46:23,739 - Programmed default rules for vm i-2-40-VM
2019-03-01 10:46:24,255 - Executing command: add_network_rules
2019-03-01 10:46:24,259 -     programming network rules for IP:
172.20.109.167 vmname=i-2-40-VM
2019-03-01 10:46:24,260 - iptables -F i-2-40-VM
2019-03-01 10:46:24,273 - ip6tables -F i-2-40-VM
2019-03-01 10:46:24,287 - iptables -F i-2-40-VM-eg
2019-03-01 10:46:24,298 - ip6tables -F i-2-40-VM-eg
2019-03-01 10:46:24,312 - iptables -I i-2-40-VM -p tcp -m tcp --dport
0:12000 -m state --state NEW -s 0.0.0.0/24 -j ACCEPT
2019-03-01 10:46:24,325 - iptables -I i-2-40-VM-eg -p tcp -m tcp --dport
0:12000 -m state --state NEW -d 0.0.0.0/24 -j RETURN
2019-03-01 10:46:24,339 - iptables -A i-2-40-VM-eg -j DROP
2019-03-01 10:46:24,351 - ip6tables -A i-2-40-VM-eg -j RETURN
2019-03-01 10:46:24,364 - iptables -A i-2-40-VM -j DROP
2019-03-01 10:46:24,376 - ip6tables -A i-2-40-VM -j DROP
2019-03-01 10:46:24,389 - Writing log to /var/run/cloud/i-2-40-VM.log
2019-03-01 10:46:31,575 - Executing command: get_rule_logs_for_vms
2019-03-01 10:47:31,513 - Executing command: get_rule_logs_for_vms
2019-03-01 10:48:31,515 - Executing command: get_rule_logs_for_vms
2019-03-01 10:49:31,517 - Executing command: get_rule_logs_for_vms
2019-03-01 10:50:31,520 - Executing command: get_rule_logs_for_vms
2019-03-01 10:51:31,522 - Executing command: get_rule_logs_for_vms
2019-03-01 10:52:31,527 - Executing command: get_rule_logs_for_vms
2019-03-01 10:53:31,528 - Executing command: get_rule_logs_for_vms
2019-03-01 10:54:31,529 - Executing command: get_rule_logs_for_vms
2019-03-01 10:55:31,581 - Executing command: get_rule_logs_for_vms
Regards
Soundar

On Fri, Mar 1, 2019 at 1:12 AM Jon Marshall <jm...@hotmail.co.uk> wrote:

> Is this after you migrated the VM to another compute node?
>
> It looks suspiciously like the issue I saw, i.e. I was using advanced
> networking with security groups and the security policy for the VM was not
> migrated to the new compute node.
>
> There is a bug filed for it and a workaround -
>
> https://github.com/apache/cloudstack/issues/3088
>
> the fix is in the comments but basically you need to edit this
> file - "/usr/share/cloudstack-common/scripts/vm/network/security_group.py"
>
> and change line 490 from -
>
>  if ips[0] == "0":
>
> to -
>
> if len(ips) == 0 or ips[0] == "0":
>
> and that should fix it.
>
> This will be included in CS v4.11.3
>
> Jon
>
>
> ________________________________
> From: soundar rajan <bs...@gmail.com>
> Sent: 28 February 2019 13:52
> To: dev@cloudstack.apache.org; users@cloudstack.apache.org
> Subject: Not able to access the vm from outside network
>
> Hi,
>
> VM outbound is working fine. Inbound is not able to access from
> outside network
>
> Error Log
> 2019-02-28 18:12:25,112 - Failed to network rule !
> Traceback (most recent call last):
>   File "/usr/share/cloudstack-common/scripts/vm/network/security_group.py",
> line 995, in add_network_rules
>     default_network_rules(vmName, vm_id, vm_ip, vm_ip6, vmMac, vif, brname,
> sec_ips)
>   File "/usr/share/cloudstack-common/scripts/vm/network/security_group.py",
> line 490, in default_network_rules
>     if ips[0] == "0":
> IndexError: list index out of range
> 2019-02-28 18:13:16,635 - Executing command: cleanup_rules
> 2019-02-28 18:13:16,645 -  Vms on the host : ['i-2-40-VM', 'i-2-90-VM',
> 'i-2-112-VM']
> 2019-02-28 18:13:16,645 - iptables-save | grep -P '^:(?!.*-(def|eg))' | awk
> '{sub(/^:/, "", $1) ; print $1}' | sort | uniq
> 2019-02-28 18:13:16,671 -  iptables chains in the host :['BF-cloudbr0',
> 'BF-cloudbr0-IN', 'BF-cloudbr0-OUT', 'FORWARD', 'i-2-112-VM', 'i-2-40-VM',
> 'i-2-90-VM', 'INPUT', 'OUTPUT', 'POSTROUTING', 'PREROUTING', '']
> 2019-02-28 18:13:16,672 - grep -E '^ebtable_' /proc/modules | cut -f1 -d' '
> | sed s/ebtable_//
> 2019-02-28 18:13:16,693 - ebtables -t nat -L | awk '/chain:/ {
> gsub(/(^.*chain: |-(in|out|ips).*)/, ""); print $1}' | sort | uniq
> 2019-02-28 18:13:16,716 - ebtables -t filter -L | awk '/chain:/ {
> gsub(/(^.*chain: |-(in|out|ips).*)/, ""); print $1}' | sort | uniq
> 2019-02-28 18:13:16,738 -  ebtables chains in the host: ['FORWARD,',
> 'INPUT,', 'OUTPUT,', '']
> 2019-02-28 18:13:16,739 - Cleaned up rules for 0 chains
> 2019-02-28 18:13:23,959 - Executing command: get_rule_logs_for_vms
>
> It happens to a particular VM
>
> Please help..
>
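
Added example, not part of the original messages and not CloudStack code: it replays the three IPv4 commands logged for chain i-2-40-VM in the message above and reports which rule a new inbound packet hits first. It assumes inbound IPv4 traffic for the VM is handed to that chain (the log shows this hand-off only for ip6tables) and supports only the options on those lines; parse_chain, verdict and the test sources 203.0.113.10 and 0.0.0.7 are constructed for illustration.

```python
import ipaddress
import re
import shlex

# The three IPv4 commands logged for chain i-2-40-VM in the message above,
# with the mail client's line wrapping undone.
LOG = """\
2019-03-01 10:46:24,260 - iptables -F i-2-40-VM
2019-03-01 10:46:24,312 - iptables -I i-2-40-VM -p tcp -m tcp --dport 0:12000 -m state --state NEW -s 0.0.0.0/24 -j ACCEPT
2019-03-01 10:46:24,364 - iptables -A i-2-40-VM -j DROP
"""

# "<date> <time> - iptables <args>"; ip6tables lines deliberately do not match.
LINE = re.compile(r"^\S+ \S+ - iptables (.+)$")


def parse_chain(log, chain):
    """Rebuild the ordered rule list of one IPv4 chain from logged commands."""
    rules = []
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        args = shlex.split(m.group(1))
        if len(args) < 2 or args[1] != chain:
            continue
        op, rest = args[0], args[2:]
        if op == "-F":                          # flush: chain is empty again
            rules = []
            continue
        if op not in ("-A", "-I"):
            continue
        pos = len(rules) if op == "-A" else 0   # -I without a number = top
        if op == "-I" and rest and rest[0].isdigit():
            pos = int(rest.pop(0)) - 1
        # Supported subset: every option takes exactly one value, no "!".
        opts = dict(zip(rest[0::2], rest[1::2]))
        rules.insert(pos, {
            "proto": opts.get("-p"),
            "src": ipaddress.ip_network(opts["-s"], strict=False)
                   if "-s" in opts else None,
            "dports": [int(p) for p in opts["--dport"].split(":")]
                      if "--dport" in opts else None,
            "target": opts.get("-j"),
        })
    return rules


def verdict(rules, proto, src, dport=None):
    """Return (target, rule number) of the first rule matching a NEW packet."""
    addr = ipaddress.ip_address(src)
    for n, r in enumerate(rules, 1):
        if r["proto"] and r["proto"] != proto:
            continue
        if r["src"] is not None and addr not in r["src"]:
            continue
        if r["dports"] and not (
            dport is not None and r["dports"][0] <= dport <= r["dports"][-1]
        ):
            continue
        return r["target"], n
    return "RETURN", 0   # fell off the end of a user-defined chain


if __name__ == "__main__":
    chain = parse_chain(LOG, "i-2-40-VM")
    for proto, src, dport in [("icmp", "203.0.113.10", None),
                              ("tcp", "203.0.113.10", 22),
                              ("tcp", "0.0.0.7", 22)]:
        print(proto, src, dport, "->", verdict(chain, proto, src, dport))
```

The only ACCEPT rule is limited to TCP from 0.0.0.0/24, which covers 0.0.0.0 to 0.0.0.255, so neither an ICMP echo request nor a TCP connection from a routable source matches it and both reach the final DROP.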

Re: Not able to access the vm from outside network

Posted by soundar rajan <bs...@gmail.com>.
Yes, I was able to ping and access the VM earlier. After restart it was not
working.

On Fri, Mar 1, 2019 at 2:27 PM Jon Marshall <jm...@hotmail.co.uk> wrote:

> Hi Soundar
>
> Could you ping the VM before?
>
> From memory I think when I had the issue even after the fix I had to
> destroy the VM and recreate for it to work but you may not be able to do
> that or there may be a better way (I was in testing phase so I could do
> that).
>
> Jon

Re: Not able to access the vm from outside network

Posted by Jon Marshall <jm...@hotmail.co.uk>.
Hi Soundar

Could you ping the VM before?

From memory I think when I had the issue even after the fix I had to destroy the VM and recreate for it to work but you may not be able to do that or there may be a better way (I was in testing phase so I could do that).

Jon


Re: Not able to access the vm from outside network

Posted by soundar rajan <bs...@gmail.com>.
Version is 4.11.0.0

KVM Hypervisor

CentOS

On Fri, Mar 1, 2019 at 10:57 AM soundar rajan <bs...@gmail.com>
wrote:

> Hi Jon,
>
> Thanks, that fixes the error, but I am still not able to ping the VM.
>
>
> 2019-03-01 10:46:23,246 - ipset -A i-2-40-VM-6 fe80::1c00:26ff:fe00:9d
> 2019-03-01 10:46:23,261 - ip6tables -A BF-cloudbr0-OUT -m physdev
> --physdev-is-bridged --physdev-out vnet2 -j i-2-40-def
> 2019-03-01 10:46:23,277 - ip6tables -A BF-cloudbr0-IN -m physdev
> --physdev-is-bridged --physdev-in vnet2 -j i-2-40-def
> 2019-03-01 10:46:23,293 - ip6tables -A i-2-40-def -m state --state
> RELATED,ESTABLISHED -j ACCEPT
> 2019-03-01 10:46:23,309 - ip6tables -A i-2-40-def -m physdev
> --physdev-is-bridged --physdev-out vnet2 --src fe80::/64 --dst ff02::1 -p
> icmpv6 --icmpv6-type router-advertisement -m hl --hl-eq 255 -j ACCEPT
> 2019-03-01 10:46:23,327 - ip6tables -A i-2-40-def -m physdev
> --physdev-is-bridged --physdev-in vnet2 --dst ff02::2 -p icmpv6
> --icmpv6-type router-solicitation -m hl --hl-eq 255 -j RETURN
> 2019-03-01 10:46:23,344 - ip6tables -A i-2-40-def -m physdev
> --physdev-is-bridged --physdev-in vnet2 -p icmpv6 --icmpv6-type
> router-advertisement -j DROP
> 2019-03-01 10:46:23,361 - ip6tables -A i-2-40-def -m physdev
> --physdev-is-bridged --physdev-in vnet2 -p icmpv6 --icmpv6-type
> neighbor-solicitation -m hl --hl-eq 255 -j RETURN
> 2019-03-01 10:46:23,378 - ip6tables -A i-2-40-def -m physdev
> --physdev-is-bridged --physdev-out vnet2 -p icmpv6 --icmpv6-type
> neighbor-solicitation -m hl --hl-eq 255 -j ACCEPT
> 2019-03-01 10:46:23,395 - ip6tables -A i-2-40-def -m physdev
> --physdev-is-bridged --physdev-in vnet2 -p icmpv6 --icmpv6-type
> neighbor-advertisement -m set --match-set i-2-40-VM-6 src -m hl --hl-eq 255
> -j RETURN
> 2019-03-01 10:46:23,412 - ip6tables -A i-2-40-def -m physdev
> --physdev-is-bridged --physdev-out vnet2 -p icmpv6 --icmpv6-type
> neighbor-advertisement -m hl --hl-eq 255 -j ACCEPT
> 2019-03-01 10:46:23,430 - ip6tables -A i-2-40-def -m physdev
> --physdev-is-bridged --physdev-in vnet2 -p icmpv6 --icmpv6-type
> packet-too-big -m set --match-set i-2-40-VM-6 src -j RETURN
> 2019-03-01 10:46:23,447 - ip6tables -A i-2-40-def -m physdev
> --physdev-is-bridged --physdev-out vnet2 -p icmpv6 --icmpv6-type
> packet-too-big -j ACCEPT
> 2019-03-01 10:46:23,464 - ip6tables -A i-2-40-def -m physdev
> --physdev-is-bridged --physdev-in vnet2 -p icmpv6 --icmpv6-type
> destination-unreachable -m set --match-set i-2-40-VM-6 src -j RETURN
> 2019-03-01 10:46:23,482 - ip6tables -A i-2-40-def -m physdev
> --physdev-is-bridged --physdev-out vnet2 -p icmpv6 --icmpv6-type
> destination-unreachable -j ACCEPT
> 2019-03-01 10:46:23,499 - ip6tables -A i-2-40-def -m physdev
> --physdev-is-bridged --physdev-in vnet2 -p icmpv6 --icmpv6-type
> time-exceeded -m set --match-set i-2-40-VM-6 src -j RETURN
> 2019-03-01 10:46:23,516 - ip6tables -A i-2-40-def -m physdev
> --physdev-is-bridged --physdev-out vnet2 -p icmpv6 --icmpv6-type
> time-exceeded -j ACCEPT
> 2019-03-01 10:46:23,533 - ip6tables -A i-2-40-def -m physdev
> --physdev-is-bridged --physdev-in vnet2 -p icmpv6 --icmpv6-type
> parameter-problem -m set --match-set i-2-40-VM-6 src -j RETURN
> 2019-03-01 10:46:23,551 - ip6tables -A i-2-40-def -m physdev
> --physdev-is-bridged --physdev-out vnet2 -p icmpv6 --icmpv6-type
> parameter-problem -j ACCEPT
> 2019-03-01 10:46:23,568 - ip6tables -A i-2-40-def -m physdev
> --physdev-is-bridged --physdev-in vnet2 -p icmpv6 --dst ff02::16 -j RETURN
> 2019-03-01 10:46:23,585 - ip6tables -A i-2-40-def -m physdev
> --physdev-is-bridged --physdev-in vnet2 -p udp --sport 546 --dst ff02::1:2
> --src fe80::1c00:26ff:fe00:9d -j RETURN
> 2019-03-01 10:46:23,602 - ip6tables -A i-2-40-def -m physdev
> --physdev-is-bridged --physdev-out vnet2 -p udp --src fe80::/64 --dport 546
> --dst fe80::1c00:26ff:fe00:9d -j ACCEPT
> 2019-03-01 10:46:23,620 - ip6tables -A i-2-40-def -m physdev
> --physdev-is-bridged --physdev-in vnet2 -p udp --sport 547 ! --dst
> fe80::/64 -j DROP
> 2019-03-01 10:46:23,637 - ip6tables -A i-2-40-def -m physdev
> --physdev-is-bridged --physdev-in vnet2 -p udp --dport 53 -m set
> --match-set i-2-40-VM-6 src -j RETURN
> 2019-03-01 10:46:23,655 - ip6tables -A i-2-40-def -m physdev
> --physdev-is-bridged --physdev-in vnet2 -p tcp --dport 53 -m set
> --match-set i-2-40-VM-6 src -j RETURN
> 2019-03-01 10:46:23,672 - ip6tables -A i-2-40-def -m physdev
> --physdev-is-bridged --physdev-in vnet2 -m set ! --match-set i-2-40-VM-6
> src -j DROP
> 2019-03-01 10:46:23,689 - ip6tables -A i-2-40-def -m physdev
> --physdev-is-bridged --physdev-in vnet2 -m set --match-set i-2-40-VM-6 src
> -j i-2-40-VM-eg
> 2019-03-01 10:46:23,706 - ip6tables -A i-2-40-def -m physdev
> --physdev-is-bridged --physdev-out vnet2 -j i-2-40-VM
> 2019-03-01 10:46:23,723 - ip6tables -A i-2-40-VM -j DROP
> 2019-03-01 10:46:23,739 - Programmed default rules for vm i-2-40-VM
> 2019-03-01 10:46:24,255 - Executing command: add_network_rules
> 2019-03-01 10:46:24,259 -     programming network rules for IP:
> 172.20.109.167 vmname=i-2-40-VM
> 2019-03-01 10:46:24,260 - iptables -F i-2-40-VM
> 2019-03-01 10:46:24,273 - ip6tables -F i-2-40-VM
> 2019-03-01 10:46:24,287 - iptables -F i-2-40-VM-eg
> 2019-03-01 10:46:24,298 - ip6tables -F i-2-40-VM-eg
> 2019-03-01 10:46:24,312 - iptables -I i-2-40-VM -p tcp -m tcp --dport
> 0:12000 -m state --state NEW -s 0.0.0.0/24 -j ACCEPT
> 2019-03-01 10:46:24,325 - iptables -I i-2-40-VM-eg -p tcp -m tcp --dport
> 0:12000 -m state --state NEW -d 0.0.0.0/24 -j RETURN
> 2019-03-01 10:46:24,339 - iptables -A i-2-40-VM-eg -j DROP
> 2019-03-01 10:46:24,351 - ip6tables -A i-2-40-VM-eg -j RETURN
> 2019-03-01 10:46:24,364 - iptables -A i-2-40-VM -j DROP
> 2019-03-01 10:46:24,376 - ip6tables -A i-2-40-VM -j DROP
> 2019-03-01 10:46:24,389 - Writing log to /var/run/cloud/i-2-40-VM.log
> 2019-03-01 10:46:31,575 - Executing command: get_rule_logs_for_vms
> 2019-03-01 10:47:31,513 - Executing command: get_rule_logs_for_vms
> 2019-03-01 10:48:31,515 - Executing command: get_rule_logs_for_vms
> 2019-03-01 10:49:31,517 - Executing command: get_rule_logs_for_vms
> 2019-03-01 10:50:31,520 - Executing command: get_rule_logs_for_vms
> 2019-03-01 10:51:31,522 - Executing command: get_rule_logs_for_vms
> 2019-03-01 10:52:31,527 - Executing command: get_rule_logs_for_vms
> 2019-03-01 10:53:31,528 - Executing command: get_rule_logs_for_vms
> 2019-03-01 10:54:31,529 - Executing command: get_rule_logs_for_vms
> 2019-03-01 10:55:31,581 - Executing command: get_rule_logs_for_vms
> Regards
> Soundar
>
> On Fri, Mar 1, 2019 at 1:12 AM Jon Marshall <jm...@hotmail.co.uk> wrote:
>
>> Is this after you migrated the VM to another compute node ?
>>
>> It looks suspiciously like the issue I saw, i.e. I was using advanced
>> networking with security groups and the security policy for the VM was not
>> migrated to the new compute node.
>>
>> There is a bug filed for it and a workaround -
>>
>> https://github.com/apache/cloudstack/issues/3088
>>
>> the fix is in the comments but basically you need to edit this
>> file - "/usr/share/cloudstack-common/scripts/vm/network/security_group.py"
>>
>> and change line 490 from -
>>
>>  if ips[0] == "0":
>>
>> to -
>>
>> if len(ips) == 0 or ips[0] == "0":
>>
>> and that should fix it.
>>
>> This will be included in CS v4.11.3
>>
>> Jon
>>
>>
>> ________________________________
>> From: soundar rajan <bs...@gmail.com>
>> Sent: 28 February 2019 13:52
>> To: dev@cloudstack.apache.org; users@cloudstack.apache.org
>> Subject: Not able to access the vm from outside network
>>
>> Hi,
>>
>> VM outbound is working fine. Inbound is not; not able to access from
>> outside network
>>
>> Error Log
>> 2019-02-28 18:12:25,112 - Failed to network rule !
>> Traceback (most recent call last):
>>   File
>> "/usr/share/cloudstack-common/scripts/vm/network/security_group.py",
>> line 995, in add_network_rules
>>     default_network_rules(vmName, vm_id, vm_ip, vm_ip6, vmMac, vif,
>> brname,
>> sec_ips)
>>   File
>> "/usr/share/cloudstack-common/scripts/vm/network/security_group.py",
>> line 490, in default_network_rules
>>     if ips[0] == "0":
>> IndexError: list index out of range
>> 2019-02-28 18:13:16,635 - Executing command: cleanup_rules
>> 2019-02-28 18:13:16,645 -  Vms on the host : ['i-2-40-VM', 'i-2-90-VM',
>> 'i-2-112-VM']
>> 2019-02-28 18:13:16,645 - iptables-save | grep -P '^:(?!.*-(def|eg))' |
>> awk
>> '{sub(/^:/, "", $1) ; print $1}' | sort | uniq
>> 2019-02-28 18:13:16,671 -  iptables chains in the host :['BF-cloudbr0',
>> 'BF-cloudbr0-IN', 'BF-cloudbr0-OUT', 'FORWARD', 'i-2-112-VM', 'i-2-40-VM',
>> 'i-2-90-VM', 'INPUT', 'OUTPUT', 'POSTROUTING', 'PREROUTING', '']
>> 2019-02-28 18:13:16,672 - grep -E '^ebtable_' /proc/modules | cut -f1 -d'
>> '
>> | sed s/ebtable_//
>> 2019-02-28 18:13:16,693 - ebtables -t nat -L | awk '/chain:/ {
>> gsub(/(^.*chain: |-(in|out|ips).*)/, ""); print $1}' | sort | uniq
>> 2019-02-28 18:13:16,716 - ebtables -t filter -L | awk '/chain:/ {
>> gsub(/(^.*chain: |-(in|out|ips).*)/, ""); print $1}' | sort | uniq
>> 2019-02-28 18:13:16,738 -  ebtables chains in the host: ['FORWARD,',
>> 'INPUT,', 'OUTPUT,', '']
>> 2019-02-28 18:13:16,739 - Cleaned up rules for 0 chains
>> 2019-02-28 18:13:23,959 - Executing command: get_rule_logs_for_vms
>>
>> It happens to a particular VM
>>
>> Please help..
>>
>
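
As an added example (not part of the thread and not CloudStack's own code), this checks the ingress rule shown in the quoted log against a would-be client. It parses the `iptables ... -j ACCEPT` lines that security_group.py logs for a VM chain and reports whether a given protocol and source address would be admitted. The two log lines are copied from the log above and re-joined onto single lines; the client address 203.0.113.10 and the function names are assumptions made for the example.

```python
import ipaddress
import re

# Copied from the quoted log (wrapped lines re-joined); the chain ends in DROP.
SAMPLE_LOG = """\
2019-03-01 10:46:24,312 - iptables -I i-2-40-VM -p tcp -m tcp --dport 0:12000 -m state --state NEW -s 0.0.0.0/24 -j ACCEPT
2019-03-01 10:46:24,364 - iptables -A i-2-40-VM -j DROP
"""

# Matches IPv4 ACCEPT rules only; "ip6tables" lines do not match "- iptables".
RULE_RE = re.compile(r"- iptables -[AI] (?P<chain>\S+) (?P<args>.*-j ACCEPT)\s*$")


def _opt(args, flag, default):
    """Return the value following `flag` in an argument list, or `default`."""
    return args[args.index(flag) + 1] if flag in args else default


def parse_accept_rules(log_text, chain):
    """Return protocol, source network and port range of each ACCEPT rule in `chain`."""
    rules = []
    for line in log_text.splitlines():
        m = RULE_RE.search(line)
        if not m or m.group("chain") != chain:
            continue
        args = m.group("args").split()
        lo, _, hi = _opt(args, "--dport", "0:65535").partition(":")
        rules.append({
            "proto": _opt(args, "-p", "all"),
            "src": ipaddress.ip_network(_opt(args, "-s", "0.0.0.0/0"), strict=False),
            "ports": (int(lo), int(hi or lo)),
        })
    return rules


def admits(rules, proto, src_ip, dport=None):
    """True if some ACCEPT rule matches a new inbound packet with these fields."""
    ip = ipaddress.ip_address(src_ip)
    for r in rules:
        if r["proto"] not in ("all", proto) or ip not in r["src"]:
            continue
        if dport is not None and not r["ports"][0] <= dport <= r["ports"][1]:
            continue
        return True
    return False


if __name__ == "__main__":
    rules = parse_accept_rules(SAMPLE_LOG, "i-2-40-VM")
    for proto, src, port in [("tcp", "203.0.113.10", 22), ("icmp", "203.0.113.10", None)]:
        print(proto, src, port, "->", "ACCEPT" if admits(rules, proto, src, port) else "falls through to DROP")
```

With the logged rule, the source `0.0.0.0/24` covers only 0.0.0.0 to 0.0.0.255 and the protocol is tcp, so neither an external TCP connection nor an ICMP echo request matches before the chain's final DROP.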