Re: Disable Router Firewall

[Rana Faisal Munir]

Thanks, this solved my problem :) 

 
Regards
Rana Faisal Munir 
Mobile: +92 333 6617324
Blog: ranafaisal.wordpress.com





 From: Ahmad Emneina 
To: Cloudstack users mailing list ; Rana Faisal 
Munir  
Sent: Wednesday, April 10, 2013 10:03 AM
Subject: Re: Disable Router Firewall
 
I assume this is for guests within cloudstack, and this is a security
enabled zone... what you'll need to do is flush iptables and ebtables
rules... see if that helps.
iptables -F and ebtables -F


On Tue, Apr 9, 2013 at 12:44 AM, Rana Faisal Munir
wrote:

> Hi,
>
> I have setup cloudstack for testing purposes. I want to establish MySQL
> Failover cluster on cloudstack. But for that there is some IP
> configurations, that cloudstack does not allowed. It consider it as IP
> spoofing. Please let me know how to disable the firewall, is there any
> way???
>
>
>
>
> Regards
> Rana Faisal Munir
> Mobile: +92 333 6617324
> Blog: ranafaisal.wordpress.com

Re: Disable Router Firewall

[Rana Faisal Munir]

Thanks 


 
 
Regards
Rana Faisal Munir 
Mobile: +92 333 6617324
Blog: ranafaisal.wordpress.com





 From: Shanker Balan 
To: "users@cloudstack.apache.org"  
Sent: Wednesday, April 10, 2013 9:26 AM
Subject: Re: Disable Router Firewall
 

On 09-Apr-2013, at 1:14 PM, Rana Faisal Munir  wrote:


Hi,
>
>I have setup cloudstack for testing purposes. I want to establish MySQL 
>Failover cluster on cloudstack. But for that there is some IP configurations, 
>that cloudstack does not allowed. It consider it as IP spoofing. Please let me 
>know how to disable the firewall,
 is there any way???
>

Hi Rana,

I guess you are trying to do is to use a "floating" IP between the active and 
passive MySQL nodes? Have a look at 
https://cwiki.apache.org/CLOUDSTACK/multiple-ip-address-per-nic.html feature 
document.

One of the cases for Multiple IP address per NIC is to move private IP 
addresses between interfaces or instances which is what you need.

However, it looks like this feature is planned for CloudStack 4.2 per the 
design docs.


Regards.

-- 
Shanker Balan
Managing Consultant




M: +91 98860 60539

shanker.ba...@shapeblue.com | www.shapeblue.com | Twitter:@shapeblue
ShapeBlue India, 22nd floor, Unit 2201, World Trade Centre, Bangalore - 560 055
This email and any attachments to it may be confidential and are intended 
solely for the use of the individual to whom it is addressed. Any views or 
opinions expressed are solely those of the author and do not necessarily 
represent those of Shape Blue Ltd or
 related companies. If you are not the intended recipient of this email, you 
must neither take any action based upon its contents, nor copy or show it to 
anyone. Please contact the sender if you believe you have received this email 
in error. Shape Blue Ltd
 is a company incorporated in England & Wales. ShapeBlue Services India LLP is 
operated under license from Shape Blue Ltd. ShapeBlue is a registered 
trademark. 

Re: Disable Router Firewall

[Ahmad Emneina]

I assume this is for guests within cloudstack, and this is a security
enabled zone... what you'll need to do is flush iptables and ebtables
rules... see if that helps.
iptables -F and ebtables -F


On Tue, Apr 9, 2013 at 12:44 AM, Rana Faisal Munir
wrote:

> Hi,
>
> I have setup cloudstack for testing purposes. I want to establish MySQL
> Failover cluster on cloudstack. But for that there is some IP
> configurations, that cloudstack does not allowed. It consider it as IP
> spoofing. Please let me know how to disable the firewall, is there any
> way???
>
>
>
>
> Regards
> Rana Faisal Munir
> Mobile: +92 333 6617324
> Blog: ranafaisal.wordpress.com

RE: Disable Router Firewall

[Jayapal Reddy Uradi]

Hi,

In basic zone security  group rules block  user configured ip to nic.
If you are not using multiple ip address per nic, you need  hack the security 
group rules in the host.
Note: On restart of VM/host  cloudstack reconfigures the rules.


You need to modify iptables, ebtables (kvm) and arptables (xenserver) rules in 
the host.
These rules allows vm traffic by comparing mac and ip.

You can also refer CLOUDSTACK-24 bug.

Thanks,
Jayapal

From: Shanker Balan [mailto:shanker.ba...@shapeblue.com]
Sent: Wednesday, 10 April 2013 9:56 AM
To: users@cloudstack.apache.org
Subject: Re: Disable Router Firewall

On 09-Apr-2013, at 1:14 PM, Rana Faisal Munir 
mailto:ranafaisal...@yahoo.com>> wrote:


Hi,

I have setup cloudstack for testing purposes. I want to establish MySQL 
Failover cluster on cloudstack. But for that there is some IP configurations, 
that cloudstack does not allowed. It consider it as IP spoofing. Please let me 
know how to disable the firewall, is there any way???

Hi Rana,

I guess you are trying to do is to use a "floating" IP between the active and 
passive MySQL nodes? Have a look at 
https://cwiki.apache.org/CLOUDSTACK/multiple-ip-address-per-nic.html feature 
document.

One of the cases for Multiple IP address per NIC is to move private IP 
addresses between interfaces or instances which is what you need.

However, it looks like this feature is planned for CloudStack 4.2 per the 
design docs.


Regards.

--
Shanker Balan
Managing Consultant

[cid:E7CE8425-E245-4C99-B967-713DF2967392@local]

M: +91 98860 60539
shanker.ba...@shapeblue.com<mailto:shanker.ba...@shapeblue.com> | 
www.shapeblue.com<http://www.shapeblue.com> | Twitter:@shapeblue
ShapeBlue India, 22nd floor, Unit 2201, World Trade Centre, Bangalore - 560 055

This email and any attachments to it may be confidential and are intended 
solely for the use of the individual to whom it is addressed. Any views or 
opinions expressed are solely those of the author and do not necessarily 
represent those of Shape Blue Ltd or related companies. If you are not the 
intended recipient of this email, you must neither take any action based upon 
its contents, nor copy or show it to anyone. Please contact the sender if you 
believe you have received this email in error. Shape Blue Ltd is a company 
incorporated in England & Wales. ShapeBlue Services India LLP is operated under 
license from Shape Blue Ltd. ShapeBlue is a registered trademark.

Re: Disable Router Firewall

[Shanker Balan]

On 09-Apr-2013, at 1:14 PM, Rana Faisal Munir 
mailto:ranafaisal...@yahoo.com>> wrote:

Hi,

I have setup cloudstack for testing purposes. I want to establish MySQL 
Failover cluster on cloudstack. But for that there is some IP configurations, 
that cloudstack does not allowed. It consider it as IP spoofing. Please let me 
know how to disable the firewall, is there any way???

Hi Rana,

I guess you are trying to do is to use a "floating" IP between the active and 
passive MySQL nodes? Have a look at 
https://cwiki.apache.org/CLOUDSTACK/multiple-ip-address-per-nic.html feature 
document.

One of the cases for Multiple IP address per NIC is to move private IP 
addresses between interfaces or instances which is what you need.

However, it looks like this feature is planned for CloudStack 4.2 per the 
design docs.


Regards.

--
Shanker Balan
Managing Consultant

[cid:E7CE8425-E245-4C99-B967-713DF2967392@local]

M: +91 98860 60539
shanker.ba...@shapeblue.com | 
www.shapeblue.com | Twitter:@shapeblue
ShapeBlue India, 22nd floor, Unit 2201, World Trade Centre, Bangalore - 560 055

This email and any attachments to it may be confidential and are intended 
solely for the use of the individual to whom it is addressed. Any views or 
opinions expressed are solely those of the author and do not necessarily 
represent those of Shape Blue Ltd or related companies. If you are not the 
intended recipient of this email, you must neither take any action based upon 
its contents, nor copy or show it to anyone. Please contact the sender if you 
believe you have received this email in error. Shape Blue Ltd is a company 
incorporated in England & Wales. ShapeBlue Services India LLP is operated under 
license from Shape Blue Ltd. ShapeBlue is a registered trademark.