Re: Network for instance
Hi Darrin, Because I deploy cloudstack server. NFS server and KVM server in same local IP, can I assign public IP for instance ? On 2020/12/17 14:00:11, Darrin Hüsselmann wrote: > Hi Duc, > > Have you set egress rules for your network? It certainly is possible to ping > instances on your network. > > Regards > Darrin > > From: Thanh Đức > Sent: Thursday, December 17, 2020 3:28 PM > To: users@cloudstack.apache.org > Subject: Network for instance > > Hi all, > > I tried to create instance on laptop (A) with cloudstack server , nfs server > and kvm host same server IP. > > I already create instance. I use another laptop (B) connect same wifi. I > tried use laptop (B) ping instance already created by laptop (A) but it can > not. > I ping via LAN > > It is possible ? > > darrin.husselm...@shapeblue.com > www.shapeblue.com > 3 London Bridge Street, 3rd floor, News Building, London SE1 9SGUK > @shapeblue > > > >
Re: Network for instance
Hi Duc, Have you set egress rules for your network? It certainly is possible to ping instances on your network. Regards Darrin From: Thanh Đức Sent: Thursday, December 17, 2020 3:28 PM To: users@cloudstack.apache.org Subject: Network for instance Hi all, I tried to create instance on laptop (A) with cloudstack server , nfs server and kvm host same server IP. I already create instance. I use another laptop (B) connect same wifi. I tried use laptop (B) ping instance already created by laptop (A) but it can not. I ping via LAN It is possible ? darrin.husselm...@shapeblue.com www.shapeblue.com 3 London Bridge Street, 3rd floor, News Building, London SE1 9SGUK @shapeblue
Network for instance
Hi all, I tried to create instance on laptop (A) with cloudstack server , nfs server and kvm host same server IP. I already create instance. I use another laptop (B) connect same wifi. I tried use laptop (B) ping instance already created by laptop (A) but it can not. I ping via LAN It is possible ?
Add customer's isolated network to Instance
Ok guys, I don't know how to solve my problem... We're a Service Provider and we'd like to implement a shared Netscaler Gateway VPX to provide Virtual Servers to customers that wants to build their own XenApp infrastructure in our Cloud. So, an our customer already deployed an instance that hosts Citrix Storefront, DDC and so on, and other instances that are the VDAs Servers and that hosts the company apps. We created a Virtual Server in the Netscaler VPX in our Isolated Network and configure it to point to the public IP (we use Advanced Networking) of the customer's VR. With a couple or firewall and port forwarding rule we're able to authenticate the users on the NS (that authenticate users on the customer's Active Directory deployed in customer's Isolated Network). When user start an app, I see that Netscaler is trying to contact the VDA server private IP (that is in the customer's Isolated Network), obviously without success. After a lot of research we see that Netscaler should have an interface (called SNIP) in the same subnet of the VDAs Servers. So... it's possible to add to our Netscaler a NIC that reside in the Isolated Network of our customer? Thank you!!
Re: CS4.02 KVM Advanced Network, VM instance can not access public IP. NAT(Source)
I think UI link is missed but it is fixed after that. Try to add rules using the API 'createEgressFirewallRule' Thanks, Jayapal On 22-May-2013, at 12:05 PM, wq meng wqm...@gmail.com wrote: Hello Jayapal, https://cwiki.apache.org/CLOUDSTACK/egress-firewall-rules-for-guest-network.html I have checked Network - Guest Network (Name) - I can not find out any Egress fire rule tab. Have I missed something? Thank you very much. On Wed, May 22, 2013 at 1:23 PM, Jayapal Reddy Uradi jayapalreddy.ur...@citrix.com wrote: Hi, Did you configure the egress firewall rules on the guest network ? You need to add egress rules to allow guest traffic. After adding egress rule it not works, please send router iptables rules. Thanks, Jayapal On 22-May-2013, at 4:10 AM, wq meng wqm...@gmail.com wrote: Hello Anyone have faced this problem? CS4.02 KVM Advanced Network, VM instance can not access public IP. NAT(Source) That the VM instance running, but inside the VM instance, it is not possible to access outside. It can ping VMs each other, It can ping google.com in the* Virtual Router VM.* But just can not ping Google.com inside the VM instance. Seems inside the VM instance, It can resolve the Google.com 's IP address. BUT can not do others. Please see the following output. [root@CentOS5-5 ~]# wget www.google.com --2013-05-21 08:30:39-- http://www.google.com/ Resolving www.google.com... 173.194.64.104, 173.194.64.99, 173.194.64.105, ... Connecting to www.google.com|173.194.64.104|:80... [root@CentOS5-5 ~]# ls - [root@CentOS5-5 ~]# iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination RH-Firewall-1-INPUT all -- anywhere anywhere Chain FORWARD (policy ACCEPT) target prot opt source destination RH-Firewall-1-INPUT all -- anywhere anywhere Chain OUTPUT (policy ACCEPT) target prot opt source destination Chain RH-Firewall-1-INPUT (2 references) target prot opt source destination ACCEPT all -- anywhere anywhere ACCEPT icmp -- anywhere anywhereicmp any ACCEPT esp -- anywhere anywhere ACCEPT ah -- anywhere anywhere ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns ACCEPT udp -- anywhere anywhereudp dpt:ipp ACCEPT tcp -- anywhere anywheretcp dpt:ipp ACCEPT all -- anywhere anywherestate RELATED,ESTABLISHED ACCEPT tcp -- anywhere anywherestate NEW tcp dpt:ssh REJECT all -- anywhere anywherereject-with icmp-host-prohibited [root@CentOS5-5 ~]# ping 8.8.8.8 PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data. --- 8.8.8.8 ping statistics --- 3 packets transmitted, 0 received, 100% packet loss, time 2000ms -- [root@CentOS5-5 ~]# ifconfig eth0 Link encap:Ethernet HWaddr 02:00:2D:C8:00:01 inet addr:10.1.1.5 Bcast:10.1.1.255 Mask:255.255.255.0 inet6 addr: fe80::2dff:fec8:1/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:2442 errors:0 dropped:0 overruns:0 frame:0 TX packets:2261 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:174960 (170.8 KiB) TX bytes:154159 (150.5 KiB) loLink encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:32 errors:0 dropped:0 overruns:0 frame:0 TX packets:32 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:3913 (3.8 KiB) TX bytes:3913 (3.8 KiB) [root@CentOS5-5 ~]# tracert www.google.com traceroute to www.google.com (173.194.64.106), 30 hops max, 40 byte packets 1 r-4-VM.cs2cloud.internal (10.1.1.1) 0.158 ms 0.136 ms 0.134 ms 2 * * * 3 * * * 4 * * * 5 * * * 6 * * * 7 * * * 8 * * * 9 * * * 10 * * * 11 * * * 12 * * * 13 * * * 14 * * * 15 * * * 16 * * * 17 * * * 18 * * * 19 * * * 20 * * * 21 * * * 22 * * * 23 * * * 24 * * * 25 * * * 26 * * * 27 * * * 28 * * * 29 * * * 30 * * * Any thoughts? Thank you very much.
Re: CS4.02 KVM Advanced Network, VM instance can not access public IP. NAT(Source)
And the link have been fixed in the Git ? Thank you so much. On Wed, May 22, 2013 at 2:55 PM, Jayapal Reddy Uradi jayapalreddy.ur...@citrix.com wrote: I think UI link is missed but it is fixed after that. Try to add rules using the API 'createEgressFirewallRule' Thanks, Jayapal On 22-May-2013, at 12:05 PM, wq meng wqm...@gmail.com wrote: Hello Jayapal, https://cwiki.apache.org/CLOUDSTACK/egress-firewall-rules-for-guest-network.html I have checked Network - Guest Network (Name) - I can not find out any Egress fire rule tab. Have I missed something? Thank you very much. On Wed, May 22, 2013 at 1:23 PM, Jayapal Reddy Uradi jayapalreddy.ur...@citrix.com wrote: Hi, Did you configure the egress firewall rules on the guest network ? You need to add egress rules to allow guest traffic. After adding egress rule it not works, please send router iptables rules. Thanks, Jayapal On 22-May-2013, at 4:10 AM, wq meng wqm...@gmail.com wrote: Hello Anyone have faced this problem? CS4.02 KVM Advanced Network, VM instance can not access public IP. NAT(Source) That the VM instance running, but inside the VM instance, it is not possible to access outside. It can ping VMs each other, It can ping google.com in the* Virtual Router VM.* But just can not ping Google.com inside the VM instance. Seems inside the VM instance, It can resolve the Google.com 's IP address. BUT can not do others. Please see the following output. [root@CentOS5-5 ~]# wget www.google.com --2013-05-21 08:30:39-- http://www.google.com/ Resolving www.google.com... 173.194.64.104, 173.194.64.99, 173.194.64.105, ... Connecting to www.google.com|173.194.64.104|:80... [root@CentOS5-5 ~]# ls - [root@CentOS5-5 ~]# iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination RH-Firewall-1-INPUT all -- anywhere anywhere Chain FORWARD (policy ACCEPT) target prot opt source destination RH-Firewall-1-INPUT all -- anywhere anywhere Chain OUTPUT (policy ACCEPT) target prot opt source destination Chain RH-Firewall-1-INPUT (2 references) target prot opt source destination ACCEPT all -- anywhere anywhere ACCEPT icmp -- anywhere anywhereicmp any ACCEPT esp -- anywhere anywhere ACCEPT ah -- anywhere anywhere ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns ACCEPT udp -- anywhere anywhereudp dpt:ipp ACCEPT tcp -- anywhere anywheretcp dpt:ipp ACCEPT all -- anywhere anywherestate RELATED,ESTABLISHED ACCEPT tcp -- anywhere anywherestate NEW tcp dpt:ssh REJECT all -- anywhere anywhere reject-with icmp-host-prohibited [root@CentOS5-5 ~]# ping 8.8.8.8 PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data. --- 8.8.8.8 ping statistics --- 3 packets transmitted, 0 received, 100% packet loss, time 2000ms -- [root@CentOS5-5 ~]# ifconfig eth0 Link encap:Ethernet HWaddr 02:00:2D:C8:00:01 inet addr:10.1.1.5 Bcast:10.1.1.255 Mask:255.255.255.0 inet6 addr: fe80::2dff:fec8:1/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:2442 errors:0 dropped:0 overruns:0 frame:0 TX packets:2261 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:174960 (170.8 KiB) TX bytes:154159 (150.5 KiB) loLink encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:32 errors:0 dropped:0 overruns:0 frame:0 TX packets:32 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:3913 (3.8 KiB) TX bytes:3913 (3.8 KiB) [root@CentOS5-5 ~]# tracert www.google.com traceroute to www.google.com (173.194.64.106), 30 hops max, 40 byte packets 1 r-4-VM.cs2cloud.internal (10.1.1.1) 0.158 ms 0.136 ms 0.134 ms 2 * * * 3 * * * 4 * * * 5 * * * 6 * * * 7 * * * 8 * * * 9 * * * 10 * * * 11 * * * 12 * * * 13 * * * 14 * * * 15 * * * 16 * * * 17 * * * 18 * * * 19 * * * 20 * * * 21 * * * 22 * * * 23 * * * 24 * * * 25 * * * 26 * * * 27 * * * 28 * * * 29 * * * 30 * * * Any thoughts? Thank you very much.
Re: CS4.02 KVM Advanced Network, VM instance can not access public IP. NAT(Source)
-- anywhere anywhere tcp -- anywhere anywhere all -- anywhere anywhere all -- anywhere anywhere tcp -- anywhere anywhere tcp -- anywhere anywhere And the link have been fixed in the Git ? Thank you so much. On Wed, May 22, 2013 at 2:55 PM, Jayapal Reddy Uradi jayapalreddy.ur...@citrix.com wrote: I think UI link is missed but it is fixed after that. Try to add rules using the API 'createEgressFirewallRule' Thanks, Jayapal On 22-May-2013, at 12:05 PM, wq meng wqm...@gmail.com wrote: Hello Jayapal, https://cwiki.apache.org/CLOUDSTACK/egress-firewall-rules-for-guest-network.html I have checked Network - Guest Network (Name) - I can not find out any Egress fire rule tab. Have I missed something? Thank you very much. On Wed, May 22, 2013 at 1:23 PM, Jayapal Reddy Uradi jayapalreddy.ur...@citrix.com wrote: Hi, Did you configure the egress firewall rules on the guest network ? You need to add egress rules to allow guest traffic. After adding egress rule it not works, please send router iptables rules. Thanks, Jayapal On 22-May-2013, at 4:10 AM, wq meng wqm...@gmail.com wrote: Hello Anyone have faced this problem? CS4.02 KVM Advanced Network, VM instance can not access public IP. NAT(Source) That the VM instance running, but inside the VM instance, it is not possible to access outside. It can ping VMs each other, It can ping google.com in the* Virtual Router VM.* But just can not ping Google.com inside the VM instance. Seems inside the VM instance, It can resolve the Google.com 's IP address. BUT can not do others. Please see the following output. [root@CentOS5-5 ~]# wget www.google.com --2013-05-21 08:30:39-- http://www.google.com/ Resolving www.google.com... 173.194.64.104, 173.194.64.99, 173.194.64.105, ... Connecting to www.google.com|173.194.64.104|:80... [root@CentOS5-5 ~]# ls - [root@CentOS5-5 ~]# iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination RH-Firewall-1-INPUT all -- anywhere anywhere Chain FORWARD (policy ACCEPT) target prot opt source destination RH-Firewall-1-INPUT all -- anywhere anywhere Chain OUTPUT (policy ACCEPT) target prot opt source destination Chain RH-Firewall-1-INPUT (2 references) target prot opt source destination ACCEPT all -- anywhere anywhere ACCEPT icmp -- anywhere anywhereicmp any ACCEPT esp -- anywhere anywhere ACCEPT ah -- anywhere anywhere ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns ACCEPT udp -- anywhere anywhereudp dpt:ipp ACCEPT tcp -- anywhere anywheretcp dpt:ipp ACCEPT all -- anywhere anywherestate RELATED,ESTABLISHED ACCEPT tcp -- anywhere anywherestate NEW tcp dpt:ssh REJECT all -- anywhere anywhere reject-with icmp-host-prohibited [root@CentOS5-5 ~]# ping 8.8.8.8 PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data. --- 8.8.8.8 ping statistics --- 3 packets transmitted, 0 received, 100% packet loss, time 2000ms -- [root@CentOS5-5 ~]# ifconfig eth0 Link encap:Ethernet HWaddr 02:00:2D:C8:00:01 inet addr:10.1.1.5 Bcast:10.1.1.255 Mask:255.255.255.0 inet6 addr: fe80::2dff:fec8:1/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:2442 errors:0 dropped:0 overruns:0 frame:0 TX packets:2261 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:174960 (170.8 KiB) TX bytes:154159 (150.5 KiB) loLink encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:32 errors:0 dropped:0 overruns:0 frame:0 TX packets:32 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:3913 (3.8 KiB) TX bytes:3913 (3.8 KiB) [root@CentOS5-5 ~]# tracert www.google.com traceroute to www.google.com (173.194.64.106), 30 hops max, 40 byte packets 1 r-4-VM.cs2cloud.internal (10.1.1.1) 0.158 ms 0.136 ms 0.134 ms 2 * * * 3 * * * 4 * * * 5 * * * 6 * * * 7 * * * 8 * * * 9 * * * 10 * * * 11 * * * 12 * * * 13 * * * 14 * * * 15 * * * 16 * * * 17 * * * 18 * * * 19 * * * 20 * * * 21 * * * 22 * * * 23 * * * 24 * * * 25 * * * 26 * * * 27 * * * 28 * * * 29 * * * 30 * * * Any thoughts
Re: CS4.02 KVM Advanced Network, VM instance can not access public IP. NAT(Source)
all -- anywhere anywhere tcp -- anywhere anywhere tcp -- anywhere anywhere all -- anywhere anywhere all -- anywhere anywhere tcp -- anywhere anywhere tcp -- anywhere anywhere all -- anywhere anywhere all -- anywhere anywhere tcp -- anywhere anywhere tcp -- anywhere anywhere And the link have been fixed in the Git ? Thank you so much. On Wed, May 22, 2013 at 2:55 PM, Jayapal Reddy Uradi jayapalreddy.ur...@citrix.com wrote: I think UI link is missed but it is fixed after that. Try to add rules using the API 'createEgressFirewallRule' Thanks, Jayapal On 22-May-2013, at 12:05 PM, wq meng wqm...@gmail.com wrote: Hello Jayapal, https://cwiki.apache.org/CLOUDSTACK/egress-firewall-rules-for-guest-network.html I have checked Network - Guest Network (Name) - I can not find out any Egress fire rule tab. Have I missed something? Thank you very much. On Wed, May 22, 2013 at 1:23 PM, Jayapal Reddy Uradi jayapalreddy.ur...@citrix.com wrote: Hi, Did you configure the egress firewall rules on the guest network ? You need to add egress rules to allow guest traffic. After adding egress rule it not works, please send router iptables rules. Thanks, Jayapal On 22-May-2013, at 4:10 AM, wq meng wqm...@gmail.com wrote: Hello Anyone have faced this problem? CS4.02 KVM Advanced Network, VM instance can not access public IP. NAT(Source) That the VM instance running, but inside the VM instance, it is not possible to access outside. It can ping VMs each other, It can ping google.com in the* Virtual Router VM.* But just can not ping Google.com inside the VM instance. Seems inside the VM instance, It can resolve the Google.com 's IP address. BUT can not do others. Please see the following output. [root@CentOS5-5 ~]# wget www.google.com --2013-05-21 08:30:39-- http://www.google.com/ Resolving www.google.com... 173.194.64.104, 173.194.64.99, 173.194.64.105, ... Connecting to www.google.com|173.194.64.104|:80... [root@CentOS5-5 ~]# ls - [root@CentOS5-5 ~]# iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination RH-Firewall-1-INPUT all -- anywhere anywhere Chain FORWARD (policy ACCEPT) target prot opt source destination RH-Firewall-1-INPUT all -- anywhere anywhere Chain OUTPUT (policy ACCEPT) target prot opt source destination Chain RH-Firewall-1-INPUT (2 references) target prot opt source destination ACCEPT all -- anywhere anywhere ACCEPT icmp -- anywhere anywhereicmp any ACCEPT esp -- anywhere anywhere ACCEPT ah -- anywhere anywhere ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns ACCEPT udp -- anywhere anywhereudp dpt:ipp ACCEPT tcp -- anywhere anywheretcp dpt:ipp ACCEPT all -- anywhere anywherestate RELATED,ESTABLISHED ACCEPT tcp -- anywhere anywherestate NEW tcp dpt:ssh REJECT all -- anywhere anywhere reject-with icmp-host-prohibited [root@CentOS5-5 ~]# ping 8.8.8.8 PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data. --- 8.8.8.8 ping statistics --- 3 packets transmitted, 0 received, 100% packet loss, time 2000ms -- [root@CentOS5-5 ~]# ifconfig eth0 Link encap:Ethernet HWaddr 02:00:2D:C8:00:01 inet addr:10.1.1.5 Bcast:10.1.1.255 Mask:255.255.255.0 inet6 addr: fe80::2dff:fec8:1/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:2442 errors:0 dropped:0 overruns:0 frame:0 TX packets:2261 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:174960 (170.8 KiB) TX bytes:154159 (150.5 KiB) loLink encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:32 errors:0 dropped:0 overruns:0 frame:0 TX packets:32 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:3913 (3.8 KiB) TX bytes:3913 (3.8 KiB) [root@CentOS5-5 ~]# tracert www.google.com traceroute to www.google.com (173.194.64.106), 30 hops max, 40 byte packets 1 r-4-VM.cs2cloud.internal (10.1.1.1) 0.158 ms 0.136 ms 0.134 ms 2 * * * 3 * * * 4 * * * 5 * * * 6 * * * 7 * * * 8 * * * 9 * * * 10 * * * 11 * * * 12 * * * 13
Re: CS4.02 KVM Advanced Network, VM instance can not access public IP. NAT(Source)
anywhere tcp -- anywhere anywhere tcp -- anywhere anywhere all -- anywhere anywhere all -- anywhere anywhere tcp -- anywhere anywhere tcp -- anywhere anywhere all -- anywhere anywhere all -- anywhere anywhere tcp -- anywhere anywhere tcp -- anywhere anywhere all -- anywhere anywhere all -- anywhere anywhere tcp -- anywhere anywhere tcp -- anywhere anywhere all -- anywhere anywhere all -- anywhere anywhere tcp -- anywhere anywhere tcp -- anywhere anywhere And the link have been fixed in the Git ? Thank you so much. On Wed, May 22, 2013 at 2:55 PM, Jayapal Reddy Uradi jayapalreddy.ur...@citrix.com wrote: I think UI link is missed but it is fixed after that. Try to add rules using the API 'createEgressFirewallRule' Thanks, Jayapal On 22-May-2013, at 12:05 PM, wq meng wqm...@gmail.com wrote: Hello Jayapal, https://cwiki.apache.org/CLOUDSTACK/egress-firewall-rules-for-guest-network.html I have checked Network - Guest Network (Name) - I can not find out any Egress fire rule tab. Have I missed something? Thank you very much. On Wed, May 22, 2013 at 1:23 PM, Jayapal Reddy Uradi jayapalreddy.ur...@citrix.com wrote: Hi, Did you configure the egress firewall rules on the guest network ? You need to add egress rules to allow guest traffic. After adding egress rule it not works, please send router iptables rules. Thanks, Jayapal On 22-May-2013, at 4:10 AM, wq meng wqm...@gmail.com wrote: Hello Anyone have faced this problem? CS4.02 KVM Advanced Network, VM instance can not access public IP. NAT(Source) That the VM instance running, but inside the VM instance, it is not possible to access outside. It can ping VMs each other, It can ping google.com in the* Virtual Router VM.* But just can not ping Google.com inside the VM instance. Seems inside the VM instance, It can resolve the Google.com 's IP address. BUT can not do others. Please see the following output. [root@CentOS5-5 ~]# wget www.google.com --2013-05-21 08:30:39-- http://www.google.com/ Resolving www.google.com... 173.194.64.104, 173.194.64.99, 173.194.64.105, ... Connecting to www.google.com|173.194.64.104|:80... [root@CentOS5-5 ~]# ls - [root@CentOS5-5 ~]# iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination RH-Firewall-1-INPUT all -- anywhere anywhere Chain FORWARD (policy ACCEPT) target prot opt source destination RH-Firewall-1-INPUT all -- anywhere anywhere Chain OUTPUT (policy ACCEPT) target prot opt source destination Chain RH-Firewall-1-INPUT (2 references) target prot opt source destination ACCEPT all -- anywhere anywhere ACCEPT icmp -- anywhere anywhereicmp any ACCEPT esp -- anywhere anywhere ACCEPT ah -- anywhere anywhere ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns ACCEPT udp -- anywhere anywhereudp dpt:ipp ACCEPT tcp -- anywhere anywheretcp dpt:ipp ACCEPT all -- anywhere anywherestate RELATED,ESTABLISHED ACCEPT tcp -- anywhere anywherestate NEW tcp dpt:ssh REJECT all -- anywhere anywhere reject-with icmp-host-prohibited [root@CentOS5-5 ~]# ping 8.8.8.8 PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data. --- 8.8.8.8 ping statistics --- 3 packets transmitted, 0 received, 100% packet loss, time 2000ms -- [root@CentOS5-5 ~]# ifconfig eth0 Link encap:Ethernet HWaddr 02:00:2D:C8:00:01 inet addr:10.1.1.5 Bcast:10.1.1.255 Mask:255.255.255.0 inet6 addr: fe80::2dff:fec8:1/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:2442 errors:0 dropped:0 overruns:0 frame:0 TX packets:2261 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:174960 (170.8 KiB) TX bytes:154159 (150.5 KiB) loLink encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:32 errors:0 dropped:0 overruns:0
Re: CS4.02 KVM Advanced Network, VM instance can not access public IP. NAT(Source)
anywhere Chain NETWORK_STATS (3 references) target prot opt source destination all -- anywhere anywhere all -- anywhere anywhere tcp -- anywhere anywhere tcp -- anywhere anywhere all -- anywhere anywhere all -- anywhere anywhere tcp -- anywhere anywhere tcp -- anywhere anywhere all -- anywhere anywhere all -- anywhere anywhere tcp -- anywhere anywhere tcp -- anywhere anywhere all -- anywhere anywhere all -- anywhere anywhere tcp -- anywhere anywhere tcp -- anywhere anywhere all -- anywhere anywhere all -- anywhere anywhere tcp -- anywhere anywhere tcp -- anywhere anywhere all -- anywhere anywhere all -- anywhere anywhere tcp -- anywhere anywhere tcp -- anywhere anywhere And the link have been fixed in the Git ? Thank you so much. On Wed, May 22, 2013 at 2:55 PM, Jayapal Reddy Uradi jayapalreddy.ur...@citrix.com wrote: I think UI link is missed but it is fixed after that. Try to add rules using the API 'createEgressFirewallRule' Thanks, Jayapal On 22-May-2013, at 12:05 PM, wq meng wqm...@gmail.com wrote: Hello Jayapal, https://cwiki.apache.org/CLOUDSTACK/egress-firewall-rules-for-guest-network.html I have checked Network - Guest Network (Name) - I can not find out any Egress fire rule tab. Have I missed something? Thank you very much. On Wed, May 22, 2013 at 1:23 PM, Jayapal Reddy Uradi jayapalreddy.ur...@citrix.com wrote: Hi, Did you configure the egress firewall rules on the guest network ? You need to add egress rules to allow guest traffic. After adding egress rule it not works, please send router iptables rules. Thanks, Jayapal On 22-May-2013, at 4:10 AM, wq meng wqm...@gmail.com wrote: Hello Anyone have faced this problem? CS4.02 KVM Advanced Network, VM instance can not access public IP. NAT(Source) That the VM instance running, but inside the VM instance, it is not possible to access outside. It can ping VMs each other, It can ping google.com in the* Virtual Router VM.* But just can not ping Google.com inside the VM instance. Seems inside the VM instance, It can resolve the Google.com 's IP address. BUT can not do others. Please see the following output. [root@CentOS5-5 ~]# wget www.google.com --2013-05-21 08:30:39-- http://www.google.com/ Resolving www.google.com... 173.194.64.104, 173.194.64.99, 173.194.64.105, ... Connecting to www.google.com|173.194.64.104|:80... [root@CentOS5-5 ~]# ls - [root@CentOS5-5 ~]# iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination RH-Firewall-1-INPUT all -- anywhere anywhere Chain FORWARD (policy ACCEPT) target prot opt source destination RH-Firewall-1-INPUT all -- anywhere anywhere Chain OUTPUT (policy ACCEPT) target prot opt source destination Chain RH-Firewall-1-INPUT (2 references) target prot opt source destination ACCEPT all -- anywhere anywhere ACCEPT icmp -- anywhere anywhereicmp any ACCEPT esp -- anywhere anywhere ACCEPT ah -- anywhere anywhere ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns ACCEPT udp -- anywhere anywhereudp dpt:ipp ACCEPT tcp -- anywhere anywheretcp dpt:ipp ACCEPT all -- anywhere anywherestate RELATED,ESTABLISHED ACCEPT tcp -- anywhere anywherestate NEW tcp dpt:ssh REJECT all -- anywhere anywhere reject-with icmp-host-prohibited [root@CentOS5-5 ~]# ping 8.8.8.8 PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data. --- 8.8.8.8 ping statistics --- 3 packets transmitted, 0 received, 100% packet loss, time 2000ms -- [root@CentOS5-5 ~]# ifconfig eth0 Link encap:Ethernet HWaddr 02:00:2D:C8:00:01 inet addr:10.1.1.5 Bcast:10.1.1.255 Mask:255.255.255.0 inet6 addr: fe80::2dff:fec8:1/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:2442 errors:0 dropped:0 overruns:0 frame:0 TX packets
Re: CS4.02 KVM Advanced Network, VM instance can not access public IP. NAT(Source)
anywherestate RELATED,ESTABLISHED ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywherestate RELATED,ESTABLISHED ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywherestate RELATED,ESTABLISHED ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywherestate RELATED,ESTABLISHED ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywherestate RELATED,ESTABLISHED ACCEPT all -- anywhere anywhere Chain OUTPUT (policy ACCEPT) target prot opt source destination NETWORK_STATS all -- anywhere anywhere Chain NETWORK_STATS (3 references) target prot opt source destination all -- anywhere anywhere all -- anywhere anywhere tcp -- anywhere anywhere tcp -- anywhere anywhere all -- anywhere anywhere all -- anywhere anywhere tcp -- anywhere anywhere tcp -- anywhere anywhere all -- anywhere anywhere all -- anywhere anywhere tcp -- anywhere anywhere tcp -- anywhere anywhere all -- anywhere anywhere all -- anywhere anywhere tcp -- anywhere anywhere tcp -- anywhere anywhere all -- anywhere anywhere all -- anywhere anywhere tcp -- anywhere anywhere tcp -- anywhere anywhere all -- anywhere anywhere all -- anywhere anywhere tcp -- anywhere anywhere tcp -- anywhere anywhere And the link have been fixed in the Git ? Thank you so much. On Wed, May 22, 2013 at 2:55 PM, Jayapal Reddy Uradi jayapalreddy.ur...@citrix.com wrote: I think UI link is missed but it is fixed after that. Try to add rules using the API 'createEgressFirewallRule' Thanks, Jayapal On 22-May-2013, at 12:05 PM, wq meng wqm...@gmail.com wrote: Hello Jayapal, https://cwiki.apache.org/CLOUDSTACK/egress-firewall-rules-for-guest-network.html I have checked Network - Guest Network (Name) - I can not find out any Egress fire rule tab. Have I missed something? Thank you very much. On Wed, May 22, 2013 at 1:23 PM, Jayapal Reddy Uradi jayapalreddy.ur...@citrix.com wrote: Hi, Did you configure the egress firewall rules on the guest network ? You need to add egress rules to allow guest traffic. After adding egress rule it not works, please send router iptables rules. Thanks, Jayapal On 22-May-2013, at 4:10 AM, wq meng wqm...@gmail.com wrote: Hello Anyone have faced this problem? CS4.02 KVM Advanced Network, VM instance can not access public IP. NAT(Source) That the VM instance running, but inside the VM instance, it is not possible to access outside. It can ping VMs each other, It can ping google.com in the* Virtual Router VM.* But just can not ping Google.com inside the VM instance. Seems inside the VM instance, It can resolve the Google.com 's IP address. BUT can not do others. Please see the following output. [root@CentOS5-5 ~]# wget www.google.com --2013-05-21 08:30:39-- http://www.google.com/ Resolving www.google.com... 173.194.64.104, 173.194.64.99, 173.194.64.105, ... Connecting to www.google.com|173.194.64.104|:80... [root@CentOS5-5 ~]# ls - [root@CentOS5-5 ~]# iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination RH-Firewall-1-INPUT all -- anywhere anywhere Chain FORWARD (policy ACCEPT) target prot opt source destination RH-Firewall-1-INPUT all -- anywhere anywhere Chain OUTPUT (policy ACCEPT) target prot opt source destination Chain RH-Firewall-1-INPUT (2 references) target prot opt source destination ACCEPT all -- anywhere anywhere ACCEPT icmp -- anywhere anywhere icmp any ACCEPT esp -- anywhere anywhere ACCEPT ah -- anywhere anywhere ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns ACCEPT udp -- anywhere anywhereudp dpt:ipp ACCEPT tcp -- anywhere anywheretcp dpt:ipp ACCEPT all -- anywhere
Re: CS4.02 KVM Advanced Network, VM instance can not access public IP. NAT(Source)
-- anywhere anywhere state RELATED,ESTABLISHED ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT icmp -- anywhere anywhere ACCEPT all -- anywhere anywhere ACCEPT udp -- anywhere anywhereudp dpt:bootps ACCEPT udp -- anywhere anywhereudp dpt:domain ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:3922 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http-alt ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:www Chain FORWARD (policy DROP) target prot opt source destination NETWORK_STATS all -- anywhere anywhere ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT all -- anywhere anywhere state NEW ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT all -- anywhere anywhere Chain OUTPUT (policy ACCEPT) target prot opt source destination NETWORK_STATS all -- anywhere anywhere Chain NETWORK_STATS (3 references) target prot opt source destination all -- anywhere anywhere all -- anywhere anywhere tcp -- anywhere anywhere tcp -- anywhere anywhere all -- anywhere anywhere all -- anywhere anywhere tcp -- anywhere anywhere tcp -- anywhere anywhere all -- anywhere anywhere all -- anywhere anywhere tcp -- anywhere anywhere tcp -- anywhere anywhere all -- anywhere anywhere all -- anywhere anywhere tcp -- anywhere anywhere tcp -- anywhere anywhere all -- anywhere anywhere all -- anywhere anywhere tcp -- anywhere anywhere tcp -- anywhere anywhere all -- anywhere anywhere all -- anywhere anywhere tcp -- anywhere anywhere tcp -- anywhere anywhere And the link have been fixed in the Git ? Thank you so much. On Wed, May 22, 2013 at 2:55 PM, Jayapal Reddy Uradi jayapalreddy.ur...@citrix.com wrote: I think UI link is missed but it is fixed after that. Try to add rules using the API 'createEgressFirewallRule' Thanks, Jayapal On 22-May-2013, at 12:05 PM, wq meng wqm...@gmail.com wrote: Hello Jayapal, https://cwiki.apache.org/CLOUDSTACK/egress-firewall-rules-for-guest-netwo rk.html I have checked Network - Guest Network (Name) - I can not find out any Egress fire rule tab. Have I missed something? Thank you very much. On Wed, May 22, 2013 at 1:23 PM, Jayapal Reddy Uradi jayapalreddy.ur...@citrix.com wrote: Hi, Did you configure the egress firewall rules on the guest network ? You need to add egress rules to allow guest traffic. After adding egress rule it not works, please send router iptables rules. Thanks, Jayapal On 22-May-2013, at 4:10 AM, wq meng wqm...@gmail.com wrote: Hello Anyone have faced this problem? CS4.02 KVM Advanced Network, VM instance can not access public IP. NAT(Source) That the VM instance running, but inside the VM instance, it is not possible to access outside. It can ping VMs each other, It can ping google.com in the* Virtual Router VM.* But just can not ping Google.com inside the VM instance. Seems inside the VM instance, It can resolve the Google.com 's IP address. BUT can not do others. Please see the following output. [root@CentOS5-5 ~]# wget www.google.com --2013-05-21 08:30:39-- http://www.google.com/ Resolving www.google.com... 173.194.64.104, 173.194.64.99, 173.194.64.105
Re: CS4.02 KVM Advanced Network, VM instance can not access public IP. NAT(Source)
something? Thank you very much. On Wed, May 22, 2013 at 1:23 PM, Jayapal Reddy Uradi jayapalreddy.ur...@citrix.com wrote: Hi, Did you configure the egress firewall rules on the guest network ? You need to add egress rules to allow guest traffic. After adding egress rule it not works, please send router iptables rules. Thanks, Jayapal On 22-May-2013, at 4:10 AM, wq meng wqm...@gmail.com wrote: Hello Anyone have faced this problem? CS4.02 KVM Advanced Network, VM instance can not access public IP. NAT(Source) That the VM instance running, but inside the VM instance, it is not possible to access outside. It can ping VMs each other, It can ping google.com in the* Virtual Router VM.* But just can not ping Google.com inside the VM instance. Seems inside the VM instance, It can resolve the Google.com 's IP address. BUT can not do others. Please see the following output. [root@CentOS5-5 ~]# wget www.google.com --2013-05-21 08:30:39-- http://www.google.com/ Resolving www.google.com... 173.194.64.104, 173.194.64.99, 173.194.64.105, ... Connecting to www.google.com|173.194.64.104|:80... [root@CentOS5-5 ~]# ls - [root@CentOS5-5 ~]# iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination RH-Firewall-1-INPUT all -- anywhere anywhere Chain FORWARD (policy ACCEPT) target prot opt source destination RH-Firewall-1-INPUT all -- anywhere anywhere Chain OUTPUT (policy ACCEPT) target prot opt source destination Chain RH-Firewall-1-INPUT (2 references) target prot opt source destination ACCEPT all -- anywhere anywhere ACCEPT icmp -- anywhere anywhere icmp any ACCEPT esp -- anywhere anywhere ACCEPT ah -- anywhere anywhere ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns ACCEPT udp -- anywhere anywhere udp dpt:ipp ACCEPT tcp -- anywhere anywhere tcp dpt:ipp ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh REJECT all -- anywhere anywhere reject-with icmp-host-prohibited [root@CentOS5-5 ~]# ping 8.8.8.8 PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data. --- 8.8.8.8 ping statistics --- 3 packets transmitted, 0 received, 100% packet loss, time 2000ms -- [root@CentOS5-5 ~]# ifconfig eth0 Link encap:Ethernet HWaddr 02:00:2D:C8:00:01 inet addr:10.1.1.5 Bcast:10.1.1.255 Mask:255.255.255.0 inet6 addr: fe80::2dff:fec8:1/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:2442 errors:0 dropped:0 overruns:0 frame:0 TX packets:2261 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:174960 (170.8 KiB) TX bytes:154159 (150.5 KiB) loLink encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:32 errors:0 dropped:0 overruns:0 frame:0 TX packets:32 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:3913 (3.8 KiB) TX bytes:3913 (3.8 KiB) [root@CentOS5-5 ~]# tracert www.google.com traceroute to www.google.com (173.194.64.106), 30 hops max, 40 byte packets 1 r-4-VM.cs2cloud.internal (10.1.1.1) 0.158 ms 0.136 ms 0.134 ms 2 * * * 3 * * * 4 * * * 5 * * * 6 * * * 7 * * * 8 * * * 9 * * * 10 * * * 11 * * * 12 * * * 13 * * * 14 * * * 15 * * * 16 * * * 17 * * * 18 * * * 19 * * * 20 * * * 21 * * * 22 * * * 23 * * * 24 * * * 25 * * * 26 * * * 27 * * * 28 * * * 29 * * * 30 * * * Any thoughts? Thank you very much.
CS4.02 KVM Advanced Network, VM instance can not access public IP. NAT(Source)
Hello Anyone have faced this problem? CS4.02 KVM Advanced Network, VM instance can not access public IP. NAT(Source) That the VM instance running, but inside the VM instance, it is not possible to access outside. It can ping VMs each other, It can ping google.com in the* Virtual Router VM.* But just can not ping Google.com inside the VM instance. Seems inside the VM instance, It can resolve the Google.com 's IP address. BUT can not do others. Please see the following output. [root@CentOS5-5 ~]# wget www.google.com --2013-05-21 08:30:39-- http://www.google.com/ Resolving www.google.com... 173.194.64.104, 173.194.64.99, 173.194.64.105, ... Connecting to www.google.com|173.194.64.104|:80... [root@CentOS5-5 ~]# ls - [root@CentOS5-5 ~]# iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination RH-Firewall-1-INPUT all -- anywhere anywhere Chain FORWARD (policy ACCEPT) target prot opt source destination RH-Firewall-1-INPUT all -- anywhere anywhere Chain OUTPUT (policy ACCEPT) target prot opt source destination Chain RH-Firewall-1-INPUT (2 references) target prot opt source destination ACCEPT all -- anywhere anywhere ACCEPT icmp -- anywhere anywhereicmp any ACCEPT esp -- anywhere anywhere ACCEPT ah -- anywhere anywhere ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns ACCEPT udp -- anywhere anywhereudp dpt:ipp ACCEPT tcp -- anywhere anywheretcp dpt:ipp ACCEPT all -- anywhere anywherestate RELATED,ESTABLISHED ACCEPT tcp -- anywhere anywherestate NEW tcp dpt:ssh REJECT all -- anywhere anywherereject-with icmp-host-prohibited [root@CentOS5-5 ~]# ping 8.8.8.8 PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data. --- 8.8.8.8 ping statistics --- 3 packets transmitted, 0 received, 100% packet loss, time 2000ms -- [root@CentOS5-5 ~]# ifconfig eth0 Link encap:Ethernet HWaddr 02:00:2D:C8:00:01 inet addr:10.1.1.5 Bcast:10.1.1.255 Mask:255.255.255.0 inet6 addr: fe80::2dff:fec8:1/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:2442 errors:0 dropped:0 overruns:0 frame:0 TX packets:2261 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:174960 (170.8 KiB) TX bytes:154159 (150.5 KiB) loLink encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:32 errors:0 dropped:0 overruns:0 frame:0 TX packets:32 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:3913 (3.8 KiB) TX bytes:3913 (3.8 KiB) [root@CentOS5-5 ~]# tracert www.google.com traceroute to www.google.com (173.194.64.106), 30 hops max, 40 byte packets 1 r-4-VM.cs2cloud.internal (10.1.1.1) 0.158 ms 0.136 ms 0.134 ms 2 * * * 3 * * * 4 * * * 5 * * * 6 * * * 7 * * * 8 * * * 9 * * * 10 * * * 11 * * * 12 * * * 13 * * * 14 * * * 15 * * * 16 * * * 17 * * * 18 * * * 19 * * * 20 * * * 21 * * * 22 * * * 23 * * * 24 * * * 25 * * * 26 * * * 27 * * * 28 * * * 29 * * * 30 * * * Any thoughts? Thank you very much.
Re: CS4.02 KVM Advanced Network, VM instance can not access public IP. NAT(Source)
Hi, Did you configure the egress firewall rules on the guest network ? You need to add egress rules to allow guest traffic. After adding egress rule it not works, please send router iptables rules. Thanks, Jayapal On 22-May-2013, at 4:10 AM, wq meng wqm...@gmail.com wrote: Hello Anyone have faced this problem? CS4.02 KVM Advanced Network, VM instance can not access public IP. NAT(Source) That the VM instance running, but inside the VM instance, it is not possible to access outside. It can ping VMs each other, It can ping google.com in the* Virtual Router VM.* But just can not ping Google.com inside the VM instance. Seems inside the VM instance, It can resolve the Google.com 's IP address. BUT can not do others. Please see the following output. [root@CentOS5-5 ~]# wget www.google.com --2013-05-21 08:30:39-- http://www.google.com/ Resolving www.google.com... 173.194.64.104, 173.194.64.99, 173.194.64.105, ... Connecting to www.google.com|173.194.64.104|:80... [root@CentOS5-5 ~]# ls - [root@CentOS5-5 ~]# iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination RH-Firewall-1-INPUT all -- anywhere anywhere Chain FORWARD (policy ACCEPT) target prot opt source destination RH-Firewall-1-INPUT all -- anywhere anywhere Chain OUTPUT (policy ACCEPT) target prot opt source destination Chain RH-Firewall-1-INPUT (2 references) target prot opt source destination ACCEPT all -- anywhere anywhere ACCEPT icmp -- anywhere anywhereicmp any ACCEPT esp -- anywhere anywhere ACCEPT ah -- anywhere anywhere ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns ACCEPT udp -- anywhere anywhereudp dpt:ipp ACCEPT tcp -- anywhere anywheretcp dpt:ipp ACCEPT all -- anywhere anywherestate RELATED,ESTABLISHED ACCEPT tcp -- anywhere anywherestate NEW tcp dpt:ssh REJECT all -- anywhere anywherereject-with icmp-host-prohibited [root@CentOS5-5 ~]# ping 8.8.8.8 PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data. --- 8.8.8.8 ping statistics --- 3 packets transmitted, 0 received, 100% packet loss, time 2000ms -- [root@CentOS5-5 ~]# ifconfig eth0 Link encap:Ethernet HWaddr 02:00:2D:C8:00:01 inet addr:10.1.1.5 Bcast:10.1.1.255 Mask:255.255.255.0 inet6 addr: fe80::2dff:fec8:1/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:2442 errors:0 dropped:0 overruns:0 frame:0 TX packets:2261 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:174960 (170.8 KiB) TX bytes:154159 (150.5 KiB) loLink encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:32 errors:0 dropped:0 overruns:0 frame:0 TX packets:32 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:3913 (3.8 KiB) TX bytes:3913 (3.8 KiB) [root@CentOS5-5 ~]# tracert www.google.com traceroute to www.google.com (173.194.64.106), 30 hops max, 40 byte packets 1 r-4-VM.cs2cloud.internal (10.1.1.1) 0.158 ms 0.136 ms 0.134 ms 2 * * * 3 * * * 4 * * * 5 * * * 6 * * * 7 * * * 8 * * * 9 * * * 10 * * * 11 * * * 12 * * * 13 * * * 14 * * * 15 * * * 16 * * * 17 * * * 18 * * * 19 * * * 20 * * * 21 * * * 22 * * * 23 * * * 24 * * * 25 * * * 26 * * * 27 * * * 28 * * * 29 * * * 30 * * * Any thoughts? Thank you very much.