Hi, Did you configure the egress firewall rules on the guest network ? You need to add egress rules to allow guest traffic.
After adding egress rule it not works, please send router iptables rules. Thanks, Jayapal On 22-May-2013, at 4:10 AM, wq meng <wqm...@gmail.com> wrote: > Hello > > Anyone have faced this problem? CS4.02 KVM Advanced Network, VM instance > can not access public IP. NAT(Source) > > > That the VM instance running, but inside the VM instance, it is not > possible to access outside. > > > It can ping VMs each other, It can ping google.com in the* Virtual Router > VM.* > > But just can not ping Google.com inside the VM instance. > > > Seems inside the VM instance, It can resolve the Google.com 's IP address. > BUT can not do others. > > Please see the following output. > > > ------------------------ > [root@CentOS5-5 ~]# wget www.google.com > --2013-05-21 08:30:39-- http://www.google.com/ > Resolving www.google.com... 173.194.64.104, 173.194.64.99, 173.194.64.105, > ... > Connecting to www.google.com|173.194.64.104|:80... > [root@CentOS5-5 ~]# ls > > ------------------------- > [root@CentOS5-5 ~]# iptables -L > Chain INPUT (policy ACCEPT) > target prot opt source destination > RH-Firewall-1-INPUT all -- anywhere anywhere > > Chain FORWARD (policy ACCEPT) > target prot opt source destination > RH-Firewall-1-INPUT all -- anywhere anywhere > > Chain OUTPUT (policy ACCEPT) > target prot opt source destination > > Chain RH-Firewall-1-INPUT (2 references) > target prot opt source destination > ACCEPT all -- anywhere anywhere > ACCEPT icmp -- anywhere anywhere icmp any > ACCEPT esp -- anywhere anywhere > ACCEPT ah -- anywhere anywhere > ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns > ACCEPT udp -- anywhere anywhere udp dpt:ipp > ACCEPT tcp -- anywhere anywhere tcp dpt:ipp > ACCEPT all -- anywhere anywhere state > RELATED,ESTABLISHED > ACCEPT tcp -- anywhere anywhere state NEW tcp > dpt:ssh > REJECT all -- anywhere anywhere reject-with > icmp-host-prohibited > [root@CentOS5-5 ~]# ping 8.8.8.8 > PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data. > > --- 8.8.8.8 ping statistics --- > 3 packets transmitted, 0 received, 100% packet loss, time 2000ms > > -------------------------- > [root@CentOS5-5 ~]# ifconfig > eth0 Link encap:Ethernet HWaddr 02:00:2D:C8:00:01 > inet addr:10.1.1.5 Bcast:10.1.1.255 Mask:255.255.255.0 > inet6 addr: fe80::2dff:fec8:1/64 Scope:Link > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > RX packets:2442 errors:0 dropped:0 overruns:0 frame:0 > TX packets:2261 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:1000 > RX bytes:174960 (170.8 KiB) TX bytes:154159 (150.5 KiB) > > lo Link encap:Local Loopback > inet addr:127.0.0.1 Mask:255.0.0.0 > inet6 addr: ::1/128 Scope:Host > UP LOOPBACK RUNNING MTU:16436 Metric:1 > RX packets:32 errors:0 dropped:0 overruns:0 frame:0 > TX packets:32 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:0 > RX bytes:3913 (3.8 KiB) TX bytes:3913 (3.8 KiB) > > ---------------------------- > > [root@CentOS5-5 ~]# tracert www.google.com > traceroute to www.google.com (173.194.64.106), 30 hops max, 40 byte packets > 1 r-4-VM.cs2cloud.internal (10.1.1.1) 0.158 ms 0.136 ms 0.134 ms > 2 * * * > 3 * * * > 4 * * * > 5 * * * > 6 * * * > 7 * * * > 8 * * * > 9 * * * > 10 * * * > 11 * * * > 12 * * * > 13 * * * > 14 * * * > 15 * * * > 16 * * * > 17 * * * > 18 * * * > 19 * * * > 20 * * * > 21 * * * > 22 * * * > 23 * * * > 24 * * * > 25 * * * > 26 * * * > 27 * * * > 28 * * * > 29 * * * > 30 * * * > > ---------------- > > > Any thoughts? > > > > > Thank you very much.
