Yeah, so you can play with that and see if it makes any difference. Iptables may be blocking access to your consoleproxy's service, or something else.

On Fri, Apr 19, 2013 at 5:37 PM, Maurice Lawler <maurice.law...@me.com> wrote:

> Output:
>
> [root@gizmo scripts]# cat /proc/sys/net/bridge/bridge*
> 1
> 1
> 1
> 0
> 0
> [root@gizmo scripts]#
>
>
> On Apr 19, 2013, at 07:21 PM, Marcus Sorensen <shadow...@gmail.com> wrote:
>
> what do you see in:
>
> cat /proc/sys/net/bridge/bridge*
>
> ? I think I've seen issues with these being set to 1, but I think it might
> need to be set to 1 if you're using security groups.
>
>
> On Fri, Apr 19, 2013 at 5:20 PM, Marcus Sorensen <shadow...@gmail.com> wrote:
>
> > What do you see in :
> >
> >
> > On Fri, Apr 19, 2013 at 2:17 PM, Maurice Lawler <maurice.law...@me.com> wrote:
> >
> >> I've tried it with them disabled (iptables get written) and enabled (the
> >> same issue)
> >>
> >> The cron job seemed to do the trick, until someone just mentioned to try:
> >>
> >> iptables -I INPUT -p tcp -m tcp --dport 5900:6100 -j ACCEPT
> >>
> >> That's not working, so I am going back to my cronjob!
> >>
> >> - Maurice
> >>
> >>
> >> On Apr 19, 2013, at 02:08 PM, Edison Su <edison...@citrix.com> wrote:
> >>
> >>
> >> > -----Original Message-----
> >> > From: Jason Pavao [mailto:jason.pa...@oracle.com]
> >> > Sent: Thursday, April 18, 2013 8:50 AM
> >> > To: dev@cloudstack.apache.org
> >> > Cc: Maurice Lawler; us...@cloudstack.apache.org
> >> > Subject: Re: IP tables blocking KVM/Console
> >> >
> >> > Maurice,
> >> > I was having the same issues, I tried a number of iptables rule changes, but it
> >> > seems that whenever a new instance was deployed it would overwrite my
> >> > changes and break things again. My temporary fix is to run a cron job that
> >> > runs every minute that issues a service iptables stop.
> >>
> >> Do you disable security group when creating the zone? If security group
> >> is disabled, then there should be no iptables rules created on kvm host
> >> when a new instance is created.
> >>
> >> >
> >> > It's not elegant but it works since I don't have a need for security groups and
> >> > am supporting a jenkins continuous testing environment with no need for
> >> > network ingress/egress rules.
> >> >
> >> > Does anyone else know why this is happening?
> >> >
> >> > I am running cs 4.0.1 on oel6.3x64
> >> >
> >> > Any help would be appreciated.
> >> > Thanks.
> >> > -jason
> >> >
> >> > On 4/17/2013 7:47 PM, Maurice Lawler wrote:
> >> > > I have stopped iptables at least 15 times, because it keeps blocking
> >> > > my console access to my instances. How can I either A) disable
> >> > > iptables altogether / B) add a rule to allow its access.
> >> > >
> >> > > Right now, it has this:
> >> > >
> >> > > [root@lunder ~]# iptables -L
> >> > > Chain INPUT (policy ACCEPT)
> >> > > target     prot opt source               destination
> >> > > ACCEPT     udp  --  anywhere             anywhere            udp dpt:bootps
> >> > > ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:bootps
> >> > > ACCEPT     tcp  --  anywhere             anywhere            tcp dpts:49152:49216
> >> > > ACCEPT     tcp  --  anywhere             anywhere            tcp dpts:vnc-server:synchronet-db
> >> > > ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:16509
> >> > > ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:websm
> >> > > ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:8250
> >> > > ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:empowerid
> >> > > ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:webcache
> >> > > ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
> >> > > ACCEPT     icmp --  anywhere             anywhere
> >> > > ACCEPT     all  --  anywhere             anywhere
> >> > > ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
> >> > > REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited
> >> > >
> >> > > Chain FORWARD (policy ACCEPT)
> >> > > target     prot opt source               destination
> >> > >
> >> > > Chain OUTPUT (policy ACCEPT)
> >> > > target     prot opt source               destination
> >> > > [root@lunder ~]#
> >> > >
> >> > > But there were plenty of other rules previously to my stopping it.
> >> > >
> >> >
> >> > --
> >> > Thanks.
> >> > -Jason
> >>
> >
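
An added example, not part of the thread or of CloudStack: two shell helpers for the checks discussed above. One labels the bridge netfilter sysctls, the other reports which INPUT rule decides a new TCP connection to a console port. The function names and the sample rule set are constructed for illustration, and the verdict check assumes `iptables -S INPUT` output and only models `-p`, `--dport` and `--state` matches.

```sh
# Label each bridge netfilter sysctl; `cat bridge*` prints bare values only.
bridge_nf_report() {
    dir=${1:-/proc/sys/net/bridge}
    for f in "$dir"/bridge-nf-*; do
        [ -r "$f" ] || continue
        printf '%s=%s\n' "${f##*/}" "$(cat "$f")"
    done
}

# Read `iptables -S INPUT` on stdin and print the target of the first rule
# that applies to a NEW inbound TCP connection to port $1 (else the policy).
# Simplification: rules with matches other than -p/--dport/--state are skipped.
input_verdict() {
    awk -v port="$1" '
    $1 == "-P" { policy = $3; next }
    $1 != "-A" { next }
    {
        proto = ""; dport = ""; target = ""; other = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-p") proto = $(++i)
            else if ($i == "--dport") dport = $(++i)
            else if ($i == "-j") target = $(++i)
            else if ($i == "-m" || $i == "--reject-with") i++
            else if ($i == "--state") { if ($(++i) !~ /NEW/) other = 1 }
            else other = 1
        }
        if (other || (proto != "" && proto != "tcp")) next
        if (dport != "") {
            n = split(dport, r, ":"); lo = r[1]; hi = (n == 2 ? r[2] : r[1])
            if (port + 0 < lo + 0 || port + 0 > hi + 0) next
        }
        print target; found = 1; exit
    }
    END { if (!found) print policy }'
}

# Constructed sample (not from the thread): VNC range appended after REJECT.
sample_rules() {
    cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --dport 5900:6100 -j ACCEPT
EOF
}
bridge_nf_report                   # prints nothing if /proc/sys/net/bridge is absent
sample_rules | input_verdict 5900  # REJECT: the catch-all precedes the VNC rule
```

On a host, `iptables -S INPUT | input_verdict 5900` runs the same check against the live chain; a printed user-defined chain name means that chain has to be inspected in turn.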