Re: CS4.02 KVM Advanced Network, VM instance can not access public IP. NAT(Source)

wq meng Tue, 21 May 2013 23:36:00 -0700

Hello Jayapal,


https://cwiki.apache.org/CLOUDSTACK/egress-firewall-rules-for-guest-network.html

I have checked  Network  ->  Guest Network (Name) ->

I can not find out any  Egress fire rule tab.


Have I missed something?


Thank you very much.




On Wed, May 22, 2013 at 1:23 PM, Jayapal Reddy Uradi <
jayapalreddy.ur...@citrix.com> wrote:

> Hi,
>
> Did you configure the egress firewall rules on the guest network ?
> You need to add egress rules to allow guest traffic.
>
> After adding egress rule it not works, please send router iptables rules.
>
> Thanks,
> Jayapal
>
> On 22-May-2013, at 4:10 AM, wq meng <wqm...@gmail.com> wrote:
>
> > Hello
> >
> > Anyone have faced this problem?  CS4.02 KVM Advanced Network, VM instance
> > can not access public IP.  NAT(Source)
> >
> >
> > That the VM instance running, but inside the VM instance, it is not
> > possible to access outside.
> >
> >
> > It can ping VMs each other,   It can ping google.com in the* Virtual
> Router
> > VM.*
> >
> > But just can not ping Google.com inside the VM instance.
> >
> >
> > Seems inside the VM instance,  It can resolve the Google.com 's IP
> address.
> > BUT can not do others.
> >
> > Please see the following output.
> >
> >
> > ------------------------
> > [root@CentOS5-5 ~]# wget www.google.com
> > --2013-05-21 08:30:39--  http://www.google.com/
> > Resolving www.google.com... 173.194.64.104, 173.194.64.99,
> 173.194.64.105,
> > ...
> > Connecting to www.google.com|173.194.64.104|:80...
> > [root@CentOS5-5 ~]# ls
> >
> > -------------------------
> > [root@CentOS5-5 ~]# iptables -L
> > Chain INPUT (policy ACCEPT)
> > target     prot opt source               destination
> > RH-Firewall-1-INPUT  all  --  anywhere             anywhere
> >
> > Chain FORWARD (policy ACCEPT)
> > target     prot opt source               destination
> > RH-Firewall-1-INPUT  all  --  anywhere             anywhere
> >
> > Chain OUTPUT (policy ACCEPT)
> > target     prot opt source               destination
> >
> > Chain RH-Firewall-1-INPUT (2 references)
> > target     prot opt source               destination
> > ACCEPT     all  --  anywhere             anywhere
> > ACCEPT     icmp --  anywhere             anywhere            icmp any
> > ACCEPT     esp  --  anywhere             anywhere
> > ACCEPT     ah   --  anywhere             anywhere
> > ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:mdns
> > ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp
> > ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ipp
> > ACCEPT     all  --  anywhere             anywhere            state
> > RELATED,ESTABLISHED
> > ACCEPT     tcp  --  anywhere             anywhere            state NEW
> tcp
> > dpt:ssh
> > REJECT     all  --  anywhere             anywhere            reject-with
> > icmp-host-prohibited
> > [root@CentOS5-5 ~]# ping 8.8.8.8
> > PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
> >
> > --- 8.8.8.8 ping statistics ---
> > 3 packets transmitted, 0 received, 100% packet loss, time 2000ms
> >
> > --------------------------
> > [root@CentOS5-5 ~]# ifconfig
> > eth0      Link encap:Ethernet  HWaddr 02:00:2D:C8:00:01
> >          inet addr:10.1.1.5  Bcast:10.1.1.255  Mask:255.255.255.0
> >          inet6 addr: fe80::2dff:fec8:1/64 Scope:Link
> >          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
> >          RX packets:2442 errors:0 dropped:0 overruns:0 frame:0
> >          TX packets:2261 errors:0 dropped:0 overruns:0 carrier:0
> >          collisions:0 txqueuelen:1000
> >          RX bytes:174960 (170.8 KiB)  TX bytes:154159 (150.5 KiB)
> >
> > lo        Link encap:Local Loopback
> >          inet addr:127.0.0.1  Mask:255.0.0.0
> >          inet6 addr: ::1/128 Scope:Host
> >          UP LOOPBACK RUNNING  MTU:16436  Metric:1
> >          RX packets:32 errors:0 dropped:0 overruns:0 frame:0
> >          TX packets:32 errors:0 dropped:0 overruns:0 carrier:0
> >          collisions:0 txqueuelen:0
> >          RX bytes:3913 (3.8 KiB)  TX bytes:3913 (3.8 KiB)
> >
> > ----------------------------
> >
> > [root@CentOS5-5 ~]# tracert www.google.com
> > traceroute to www.google.com (173.194.64.106), 30 hops max, 40 byte
> packets
> > 1  r-4-VM.cs2cloud.internal (10.1.1.1)  0.158 ms  0.136 ms  0.134 ms
> > 2  * * *
> > 3  * * *
> > 4  * * *
> > 5  * * *
> > 6  * * *
> > 7  * * *
> > 8  * * *
> > 9  * * *
> > 10  * * *
> > 11  * * *
> > 12  * * *
> > 13  * * *
> > 14  * * *
> > 15  * * *
> > 16  * * *
> > 17  * * *
> > 18  * * *
> > 19  * * *
> > 20  * * *
> > 21  * * *
> > 22  * * *
> > 23  * * *
> > 24  * * *
> > 25  * * *
> > 26  * * *
> > 27  * * *
> > 28  * * *
> > 29  * * *
> > 30  * * *
> >
> > ----------------
> >
> >
> > Any thoughts?
> >
> >
> >
> >
> > Thank you very much.
>
>

Re: CS4.02 KVM Advanced Network, VM instance can not access public IP. NAT(Source)

Reply via email to