ravening commented on pull request #5397: URL: https://github.com/apache/cloudstack/pull/5397#issuecomment-918952248
> > > > @weizhouapache > > > > > > > > 1. yes 10.32.22.125 is configured as gateway in dedicated servers but cloudstack says 10.32.22.126 as the gateway > > > > 2. if he tries to configure 10.32.22.126 as the gateway in dedicated server then ping wont work > > > > > > > > without any code change, the ping from vm to dedicated server works but ping from dedicated server to internet doesnt work > > > > if i make both public ip and gateway 10.32.22.125 in cloudstack then ping from decdicated server to internet works but ssh from vm to dedicated server doesnt work (ping still works) > > > > with this code change both scenarios works > > > > > > > > > @ravening > > > since ping works but ssh does not work (from vm to dedicated server), ip configuration, route should be ok. > > > it should be caused by ACL rules. > > > As I pointed out in my previous comment, ssh works only from 10.69.3.0/24 and 10.0.0.0/16. > > > I suggest to add ACL rule to allow ssh (port 22) from 10.69.0.0/24, 10.69.1.0/24, 10.69.2.0/24 > > > > > > @weizhouapache > > should I add this to all tiers? > > I tested the ssh connection from the "admin tier" which has the below acl rule > > 100 : cidr 0.0.0.0/0 icmp -1 -1 allow all direction: ingress > > 101: cidr 0.0.0.0/0 port 22 tcp allow all direction- ingress > > 1000: cidr 0.0.0.0/0 action : deny protocol: all direction: ingress > > @ravening I think you need to change the ACL rules of private gateway, not VPC tiers. @weizhouapache you mean to say add static routes under the private gateay? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
