????Cloudstack??????iptables???????????????? etc/sysconfig/iptables?????????? ??????????iptables????????????????????????
[root@pcs-kvm-1 sysconfig]# cat iptables
# Generated by iptables-save v1.4.7 on Fri Apr 11 22:43:43 2014
*nat
:PREROUTING ACCEPT [11:787]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
COMMIT
# Completed on Fri Apr 11 22:43:43 2014
# Generated by iptables-save v1.4.7 on Fri Apr 11 22:43:43 2014
*mangle
:PREROUTING ACCEPT [104:18665]
:INPUT ACCEPT [94:17956]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [64:6436]
:POSTROUTING ACCEPT [64:6436]
-A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
COMMIT
# Completed on Fri Apr 11 22:43:43 2014
# Generated by iptables-save v1.4.7 on Fri Apr 11 22:43:43 2014
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 49152:49216 -j ACCEPT
-A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5900:6100 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 16509 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A FORWARD -d 192.168.122.0/24 -o virbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT
-A FORWARD -i virbr0 -o virbr0 -j ACCEPT
-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
COMMIT
# Completed on Fri Apr 11 22:43:43 2014
[root@pcs-kvm-1 sysconfig]#
[Note: in the filter table above the INPUT policy is ACCEPT and every INPUT rule is also -j ACCEPT, so these rules filter nothing; every host port, including 16509 (libvirt's default TCP port) and the 5900:6100 console range, is accepted from any source unless a closing DROP/REJECT rule or a default-drop INPUT policy is added.]
------------------ ???????? ------------------ ??????: "[email protected]";<[email protected]>; ????????: 2014??4??28??(??????) ????1:45 ??????: "users-cn"<[email protected]>; ????: ????: ?????? ???????????????? ????????????????????cloudstack ?????????????? ?????????????????? ???? iptables ?????????????????????????????????????????????????????????? iptables ?????????????????????????????????? cloudstack ???????? [email protected] ???????? [email protected]?????????? 2014-04-28 13:38???????? users-cn?????? ????: ?????? ???????????????? ?????????????????????? ?????? ????--???????? ?????????????? ???????????????????? http://my.oschina.net/u/572653/blog/148200 ????????????1 ?? [email protected] ???????? ???????????????? 2014-04-28 13:30???????? users-cn?????? ?????? ?????? ?????????????????????????????????????? ??????????????????????Ping??????????kvm???????????????????????????????? ???????????????????????? ------------------ ???????? ------------------ ??????: "[email protected]";<[email protected]>; ????????: 2014??4??28??(??????) ????1:27 ??????: "users-cn"<[email protected]>; ????: Re: ?????? ???????????????? ??ping????????????????????vnc?????????????????????????????????????????????????????? ?? 2014??4??28?? ????1:16???????? <[email protected]> ?????? > ??????????????????????????????????????????????????????????????????????????????????????????????????????????????????ping???? > > > > > ------------------ ???????? ------------------ > ??????: "??????";<[email protected]>; > ????????: 2014??4??28??(??????) ????11:58 > ??????: "users-cn"<[email protected]>; > > ????: ?????? ???????????????? > > > > ???????????????????????????????????????? > > ????????????WinSewrver2008?? 32?? > > ?????????? > > ------------------ ???????? ------------------ > ??????: "[email protected]";<[email protected]>; > ????????: 2014??4??28??(??????) ????11:29 > ??????: "users-cn"<[email protected]>; > > ????: Re: ???????????????? > > > > ?????????????????????????? 
> ????????????????????????????????????????OK > > 2014-04-28 10:07 GMT+08:00 ?????? <[email protected]>:
>> ????:????????????ping????,????????????????????(??????????????????????????????),????ping??(????????????????????ping????????).
>> ??????????????????????????????????????????????,????????
>>
>> iptable????????: # cat /etc/sysconfig/iptables
>> # Generated by iptables-save v1.4.7 on Tue Apr 8 14:50:58 2014
>> *nat
>> :PREROUTING ACCEPT [0:0]
>> :POSTROUTING ACCEPT [0:0]
>> :OUTPUT ACCEPT [0:0]
>> COMMIT
>> # Completed on Tue Apr 8 14:50:58 2014
>> # Generated by iptables-save v1.4.7 on Tue Apr 8 14:50:58 2014
>> *filter
>> :INPUT ACCEPT [0:0]
>> :FORWARD ACCEPT [0:0]
>> :OUTPUT ACCEPT [0:0]
>> -A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
>> -A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
>> -A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
>> -A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
>> -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
>> -A INPUT -p tcp -m tcp --dport 1798 -j ACCEPT
>> -A INPUT -p tcp -m tcp --dport 16509 -j ACCEPT
>> -A INPUT -p tcp -m tcp --dport 5900:6100 -j ACCEPT
>> -A INPUT -p tcp -m tcp --dport 49152:49216 -j ACCEPT
>> -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
>> -A INPUT -p tcp -m tcp --dport 3260 -j ACCEPT
>> -A INPUT -m state --state NEW -p udp --dport 111 -j ACCEPT
>> -A INPUT -m state --state NEW -p tcp --dport 111 -j ACCEPT
>> -A INPUT -m state --state NEW -p tcp --dport 2049 -j ACCEPT
>> -A INPUT -m state --state NEW -p tcp --dport 32803 -j ACCEPT
>> -A INPUT -m state --state NEW -p udp --dport 32769 -j ACCEPT
>> -A INPUT -m state --state NEW -p tcp --dport 892 -j ACCEPT
>> -A INPUT -m state --state NEW -p udp --dport 892 -j ACCEPT
>> -A INPUT -m state --state NEW -p tcp --dport 875 -j ACCEPT
>> -A INPUT -m state --state NEW -p udp --dport 875 -j ACCEPT
>> -A INPUT -m state --state NEW -p tcp --dport 662 -j ACCEPT
>> -A INPUT -m state --state NEW -p udp --dport 662 -j ACCEPT
>> COMMIT
>> # Completed on Tue Apr 8 14:50:58 2014
>>
>> ????,??kvm??????agent????????????????:
>>
>> 2014-04-25 14:42:52,517 WARN [kvm.resource.LibvirtComputingResource]
>> (agentRequest-Handler-5:null) Failed to program network rules for vm
>> i-2-264-VM
>> 2014-04-25 14:42:52,732 WARN [kvm.resource.LibvirtComputingResource]
>> (agentRequest-Handler-1:null) Failed to program network rules for vm
>> i-2-332-VM
>> 2014-04-25 14:42:52,943 WARN [kvm.resource.LibvirtComputingResource]
>> (agentRequest-Handler-4:null) Failed to program network rules for vm
>> i-2-332-VM
> > > > -- > ?????? (Born Bai) > > ???????????????????????????? > > Mail: [email protected] > . -- ?????? (Born Bai) ???????????????????????????? Mail: [email protected]
