Re: CS4.02 KVM Advanced Network, VM instance can not access public IP. NAT(Source)
I think UI link is missed but it is fixed after that.
Try to add rules using the API 'createEgressFirewallRule'

Thanks,
Jayapal

On 22-May-2013, at 12:05 PM, wq meng wqm...@gmail.com wrote:

> Hello Jayapal,
>
> https://cwiki.apache.org/CLOUDSTACK/egress-firewall-rules-for-guest-network.html
>
> I have checked Network - Guest Network (Name) - I can not find out any Egress fire rule tab.
>
> Have I missed something?
>
> Thank you very much.
>
> On Wed, May 22, 2013 at 1:23 PM, Jayapal Reddy Uradi jayapalreddy.ur...@citrix.com wrote:
>
>> Hi,
>>
>> Did you configure the egress firewall rules on the guest network ?
>> You need to add egress rules to allow guest traffic.
>> After adding egress rule it not works, please send router iptables rules.
>>
>> Thanks,
>> Jayapal
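The `createEgressFirewallRule` call recommended in the reply above, written out as an added example (not code from the thread or from the CloudStack project): it builds signed API request URLs for the two checks that failed in the guest, HTTP on port 80 and ICMP echo, and refuses anything broader than the guest subnet. The endpoint, API key, secret key and network UUID are constructed placeholders; the guest subnet 10.1.1.0/24 is taken from the `ifconfig` output in the thread; the signing steps follow CloudStack's documented HMAC-SHA1 request signing.

```python
"""Build signed CloudStack API requests for narrowly scoped egress rules."""
import base64
import hashlib
import hmac
import ipaddress
from urllib.parse import quote

# Constructed placeholders, not values from the thread.
ENDPOINT = "https://cloudstack.example.invalid/client/api"
API_KEY = "EXAMPLE-API-KEY"
SECRET_KEY = "EXAMPLE-SECRET-KEY"
NETWORK_ID = "00000000-0000-0000-0000-000000000000"
# Guest subnet from the thread's ifconfig output (10.1.1.5, mask 255.255.255.0).
GUEST_NET = ipaddress.ip_network("10.1.1.0/24")


def egress_rule_params(network_id, protocol, cidr, start_port=None,
                       end_port=None, icmp_type=None, icmp_code=None):
    """Validate one rule and return createEgressFirewallRule parameters."""
    protocol = protocol.lower()
    if protocol not in ("tcp", "udp", "icmp"):
        # Broader rules are deliberately refused in this example.
        raise ValueError("protocol must be tcp, udp or icmp")
    source = ipaddress.ip_network(cidr, strict=True)
    if source.version != GUEST_NET.version or not source.subnet_of(GUEST_NET):
        raise ValueError(f"{cidr} is outside guest network {GUEST_NET}")
    params = {"command": "createEgressFirewallRule", "networkid": network_id,
              "protocol": protocol, "cidrlist": str(source), "response": "json"}
    if protocol == "icmp":
        if icmp_type is None or icmp_code is None:
            raise ValueError("icmp rules need icmp_type and icmp_code")
        params.update(icmptype=icmp_type, icmpcode=icmp_code)
    else:
        if start_port is None:
            raise ValueError("tcp/udp rules need a port")
        end_port = start_port if end_port is None else end_port
        if not 1 <= start_port <= end_port <= 65535:
            raise ValueError("invalid port range")
        params.update(startport=start_port, endport=end_port)
    return params


def _encode(value):
    # Percent-encode values; spaces become %20, never "+".
    return quote(str(value), safe="*")


def canonical_query(params):
    """Return the sorted, lower-cased query string that gets signed."""
    pairs = sorted(params.items(), key=lambda kv: kv[0].lower())
    return "&".join(f"{k}={_encode(v)}" for k, v in pairs).lower()


def sign(params, secret_key):
    """HMAC-SHA1 over the canonical query, Base64-encoded."""
    digest = hmac.new(secret_key.encode(), canonical_query(params).encode(),
                      hashlib.sha1).digest()
    return base64.b64encode(digest).decode()


def signed_url(params, api_key=API_KEY, secret_key=SECRET_KEY,
               endpoint=ENDPOINT):
    """Return the GET URL; the signature covers every other parameter."""
    full = dict(params, apiKey=api_key)
    query = "&".join(f"{k}={_encode(v)}" for k, v in full.items())
    signature = quote(sign(full, secret_key), safe="")
    return f"{endpoint}?{query}&signature={signature}"


def thread_rules(network_id=NETWORK_ID, cidr=str(GUEST_NET)):
    """Rules for the two checks that failed in the guest: wget and ping."""
    return [
        egress_rule_params(network_id, "tcp", cidr, 80),
        egress_rule_params(network_id, "icmp", cidr, icmp_type=8, icmp_code=0),
    ]


if __name__ == "__main__":
    for rule in thread_rules():
        print(signed_url(rule))
```

Each URL carries the API key in clear, so it should only be sent over HTTPS; the secret key is used locally for signing and never appears in the request.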
Re: CS4.02 KVM Advanced Network, VM instance can not access public IP. NAT(Source)
And the link have been fixed in the Git ? Thank you so much.
Re: CS4.02 KVM Advanced Network, VM instance can not access public IP. NAT(Source)
-- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     udp  --  anywhere             anywhere            udp dpt:bootps
ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:3922
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:http-alt
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:www

Chain FORWARD (policy DROP)
target     prot opt source               destination
NETWORK_STATS  all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere            state NEW
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
NETWORK_STATS  all  --  anywhere             anywhere

Chain NETWORK_STATS (3 references)
target     prot opt source               destination
           all  --  anywhere             anywhere
           all  --  anywhere             anywhere
           tcp  --  anywhere             anywhere
           tcp  --  anywhere             anywhere
           all  --  anywhere             anywhere
           all  --  anywhere             anywhere
           tcp  --  anywhere             anywhere
           tcp  --  anywhere             anywhere
           all  --  anywhere             anywhere
           all  --  anywhere             anywhere
           tcp  --  anywhere             anywhere
           tcp  --  anywhere             anywhere
           all  --  anywhere             anywhere
           all  --  anywhere             anywhere
           tcp  --  anywhere             anywhere
           tcp  --  anywhere             anywhere
           all  --  anywhere             anywhere
           all  --  anywhere             anywhere
           tcp  --  anywhere             anywhere
           tcp  --  anywhere             anywhere
           all  --  anywhere             anywhere
           all  --  anywhere             anywhere
           tcp  --  anywhere             anywhere
           tcp  --  anywhere             anywhere

And the link have been fixed in the Git ? Thank you so much.
CS4.02 KVM Advanced Network, VM instance can not access public IP. NAT(Source)
Hello,

Has anyone faced this problem?

CS4.02 KVM Advanced Network, VM instance can not access public IP. NAT(Source)

The VM instance is running, but inside the VM instance it is not possible to access the outside. The VMs can ping each other, and it can ping google.com in the *Virtual Router VM*, but it just cannot ping Google.com inside the VM instance. It seems that inside the VM instance it can resolve Google.com's IP address, but it cannot do anything else.

Please see the following output.

[root@CentOS5-5 ~]# wget www.google.com
--2013-05-21 08:30:39-- http://www.google.com/
Resolving www.google.com... 173.194.64.104, 173.194.64.99, 173.194.64.105, ...
Connecting to www.google.com|173.194.64.104|:80...

[root@CentOS5-5 ~]# ls -
[root@CentOS5-5 ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere            icmp any
ACCEPT     esp  --  anywhere             anywhere
ACCEPT     ah   --  anywhere             anywhere
ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:mdns
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ipp
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

[root@CentOS5-5 ~]# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.

--- 8.8.8.8 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2000ms

--

[root@CentOS5-5 ~]# ifconfig
eth0      Link encap:Ethernet  HWaddr 02:00:2D:C8:00:01
          inet addr:10.1.1.5  Bcast:10.1.1.255  Mask:255.255.255.0
          inet6 addr: fe80::2dff:fec8:1/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2442 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2261 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:174960 (170.8 KiB)  TX bytes:154159 (150.5 KiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:32 errors:0 dropped:0 overruns:0 frame:0
          TX packets:32 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:3913 (3.8 KiB)  TX bytes:3913 (3.8 KiB)

[root@CentOS5-5 ~]# tracert www.google.com
traceroute to www.google.com (173.194.64.106), 30 hops max, 40 byte packets
 1  r-4-VM.cs2cloud.internal (10.1.1.1)  0.158 ms  0.136 ms  0.134 ms
 2  * * *
 3  * * *
 4  * * *
 5  * * *
 6  * * *
 7  * * *
 8  * * *
 9  * * *
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *
16  * * *
17  * * *
18  * * *
19  * * *
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *

Any thoughts?

Thank you very much.
Re: CS4.02 KVM Advanced Network, VM instance can not access public IP. NAT(Source)
Hi,

Did you configure the egress firewall rules on the guest network? You need to add egress rules to allow guest traffic. If it does not work after adding the egress rule, please send the router iptables rules.

Thanks,
Jayapal
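One way to read the guest output posted in this thread, as an added example that is not part of the original messages: the guest's OUTPUT chain is open and only the first hop (r-4-VM, 10.1.1.1) answers, so the place to look next is the router rather than the guest. The function names and verdict strings are illustrative, and the sample text is constructed from the quoted output with the rule list abbreviated.

```python
import re

# Constructed from the guest output quoted in the thread (rule list abbreviated).
TRACEROUTE = (
    "traceroute to www.google.com (173.194.64.106), 30 hops max, 40 byte packets\n"
    " 1  r-4-VM.cs2cloud.internal (10.1.1.1)  0.158 ms  0.136 ms  0.134 ms\n"
    + "".join(f"{n:2d}  * * *\n" for n in range(2, 31)))  # hops 2-30 timed out
IPTABLES_L = """\
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination
REJECT     all  --  anywhere             anywhere    reject-with icmp-host-prohibited
"""

def parse_traceroute(text):  # -> [(hop_number, responder_ip_or_None), ...]
    hops = []
    for line in text.splitlines():
        m = re.match(r"\s*(\d+)\s+(?:\S+\s+\(([\d.]+)\))?", line)
        if m:
            hops.append((int(m.group(1)), m.group(2)))
    return hops

def parse_chains(text):  # -> {chain: {"policy": ..., "targets": [...]}}
    chains, current = {}, None
    for line in text.splitlines():
        head = re.match(r"Chain (\S+) \((?:policy (\w+)|\d+ references)\)", line)
        if head:
            current = chains.setdefault(head.group(1), {"policy": head.group(2), "targets": []})
        elif current is not None and line.strip() and not line.startswith("target"):
            current["targets"].append(line.split()[0])
    return chains

def locate_drop(hops, chains):
    """Say where outbound packets stop, using only guest-side evidence."""
    out = chains.get("OUTPUT", {"policy": None, "targets": []})
    if out["policy"] != "ACCEPT" or {"DROP", "REJECT"} & set(out["targets"]):
        return "guest OUTPUT chain"
    answered = [(n, ip) for n, ip in hops if ip]
    if not answered:
        return "before first hop"
    n, ip = answered[-1]
    return "reached destination" if n == hops[-1][0] else f"at or beyond hop {n} ({ip})"

print(locate_drop(parse_traceroute(TRACEROUTE), parse_chains(IPTABLES_L)))
```

A silent hop can also mean a device simply does not send TTL-exceeded replies, so the verdict is a pointer to where to look next (here, the router's iptables rules), not proof of a drop.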