Re: recreate iptables rules on hosts
I have tried to restart the network with and without the cleanup option and this doesn't work for me. With cleanup option the vr is destroyed and recreated and I see entries made for the virtual router in the host's iptables however I see nothing else for the other instances. With cleanup option unchecked I see no changes to the iptables on any hosts. I tried copying the iptables from my other 4.4 + 6.2 installation (this one is 4.3 + 6.0.2) where it does not have VM specific rules but I am able to ssh to my instances, but that did not work. If I stop iptables I am able to access my instances. I am ok leaving it like this but the problem is that every time a new instance is create, the management server send ipset commands that start it again and then I can't access any of my instances. This is supposed to be a basic shared network without security groups. any ideas what is going on or how to disable iptables permanently? thanks Carlos On Wed, Jul 9, 2014 at 3:48 AM, Sanjeev Neelarapu sanjeev.neelar...@citrix.com wrote: Restart network from cs On Jul 7, 2014 7:22 PM, =?ISO-8859-1?Q?Carlos_Re=E1tegui?= create...@gmail.com wrote: As in service network restart on the hosts or something in the cloudstack UI? On Jul 7, 2014, at 6:06 AM, Sanjeev Neelarapu sanjeev.neelar...@citrix.com wrote: Restart network might help you. -Original Message- From: Carlos Reátegui [mailto:create...@gmail.com] Sent: Monday, July 07, 2014 12:05 PM To: CloudStack-Users Subject: recreate iptables rules on hosts I just upgraded to 4.3 from 4.1. On 4.1 I had disabled iptables on my XenServer hosts because I had had problems accessing my instances. Which now I believe was due to ipset not working with the kernel I had (see my other threads on that if interested). Now that I am on 4.3 (and with a properly working ipset in XenServer), it looks like every time a new instance is created, iptables is getting started and a new rule added to access the new instance (as expected). However, all my existing instances become unreachable because they do not have rules. Is there tool to have Cloudstack re-create all the rules for existing instances on the hosts? In case it matters I am using basic networking without security groups. thanks, Carlos
Re: recreate iptables rules on hosts
Restart network from cs On Jul 7, 2014 7:22 PM, =?ISO-8859-1?Q?Carlos_Re=E1tegui?= create...@gmail.com wrote: As in service network restart on the hosts or something in the cloudstack UI? On Jul 7, 2014, at 6:06 AM, Sanjeev Neelarapu sanjeev.neelar...@citrix.com wrote: Restart network might help you. -Original Message- From: Carlos Reátegui [mailto:create...@gmail.com] Sent: Monday, July 07, 2014 12:05 PM To: CloudStack-Users Subject: recreate iptables rules on hosts I just upgraded to 4.3 from 4.1. On 4.1 I had disabled iptables on my XenServer hosts because I had had problems accessing my instances. Which now I believe was due to ipset not working with the kernel I had (see my other threads on that if interested). Now that I am on 4.3 (and with a properly working ipset in XenServer), it looks like every time a new instance is created, iptables is getting started and a new rule added to access the new instance (as expected). However, all my existing instances become unreachable because they do not have rules. Is there tool to have Cloudstack re-create all the rules for existing instances on the hosts? In case it matters I am using basic networking without security groups. thanks, Carlos
RE: recreate iptables rules on hosts
Restart network might help you. -Original Message- From: Carlos Reátegui [mailto:create...@gmail.com] Sent: Monday, July 07, 2014 12:05 PM To: CloudStack-Users Subject: recreate iptables rules on hosts I just upgraded to 4.3 from 4.1. On 4.1 I had disabled iptables on my XenServer hosts because I had had problems accessing my instances. Which now I believe was due to ipset not working with the kernel I had (see my other threads on that if interested). Now that I am on 4.3 (and with a properly working ipset in XenServer), it looks like every time a new instance is created, iptables is getting started and a new rule added to access the new instance (as expected). However, all my existing instances become unreachable because they do not have rules. Is there tool to have Cloudstack re-create all the rules for existing instances on the hosts? In case it matters I am using basic networking without security groups. thanks, Carlos
Re: recreate iptables rules on hosts
As in service network restart on the hosts or something in the cloudstack UI? On Jul 7, 2014, at 6:06 AM, Sanjeev Neelarapu sanjeev.neelar...@citrix.com wrote: Restart network might help you. -Original Message- From: Carlos Reátegui [mailto:create...@gmail.com] Sent: Monday, July 07, 2014 12:05 PM To: CloudStack-Users Subject: recreate iptables rules on hosts I just upgraded to 4.3 from 4.1. On 4.1 I had disabled iptables on my XenServer hosts because I had had problems accessing my instances. Which now I believe was due to ipset not working with the kernel I had (see my other threads on that if interested). Now that I am on 4.3 (and with a properly working ipset in XenServer), it looks like every time a new instance is created, iptables is getting started and a new rule added to access the new instance (as expected). However, all my existing instances become unreachable because they do not have rules. Is there tool to have Cloudstack re-create all the rules for existing instances on the hosts? In case it matters I am using basic networking without security groups. thanks, Carlos
