I think UI link is missed but it is fixed after that. Try to add rules using the API 'createEgressFirewallRule'
Thanks, Jayapal On 22-May-2013, at 12:05 PM, wq meng <wqm...@gmail.com> wrote: > Hello Jayapal, > > > https://cwiki.apache.org/CLOUDSTACK/egress-firewall-rules-for-guest-network.html > > I have checked Network -> Guest Network (Name) -> > > I can not find out any Egress fire rule tab. > > > Have I missed something? > > > Thank you very much. > > > > > On Wed, May 22, 2013 at 1:23 PM, Jayapal Reddy Uradi < > jayapalreddy.ur...@citrix.com> wrote: > >> Hi, >> >> Did you configure the egress firewall rules on the guest network ? >> You need to add egress rules to allow guest traffic. >> >> After adding egress rule it not works, please send router iptables rules. >> >> Thanks, >> Jayapal >> >> On 22-May-2013, at 4:10 AM, wq meng <wqm...@gmail.com> wrote: >> >>> Hello >>> >>> Anyone have faced this problem? CS4.02 KVM Advanced Network, VM instance >>> can not access public IP. NAT(Source) >>> >>> >>> That the VM instance running, but inside the VM instance, it is not >>> possible to access outside. >>> >>> >>> It can ping VMs each other, It can ping google.com in the* Virtual >> Router >>> VM.* >>> >>> But just can not ping Google.com inside the VM instance. >>> >>> >>> Seems inside the VM instance, It can resolve the Google.com 's IP >> address. >>> BUT can not do others. >>> >>> Please see the following output. >>> >>> >>> ------------------------ >>> [root@CentOS5-5 ~]# wget www.google.com >>> --2013-05-21 08:30:39-- http://www.google.com/ >>> Resolving www.google.com... 173.194.64.104, 173.194.64.99, >> 173.194.64.105, >>> ... >>> Connecting to www.google.com|173.194.64.104|:80... >>> [root@CentOS5-5 ~]# ls >>> >>> ------------------------- >>> [root@CentOS5-5 ~]# iptables -L >>> Chain INPUT (policy ACCEPT) >>> target prot opt source destination >>> RH-Firewall-1-INPUT all -- anywhere anywhere >>> >>> Chain FORWARD (policy ACCEPT) >>> target prot opt source destination >>> RH-Firewall-1-INPUT all -- anywhere anywhere >>> >>> Chain OUTPUT (policy ACCEPT) >>> target prot opt source destination >>> >>> Chain RH-Firewall-1-INPUT (2 references) >>> target prot opt source destination >>> ACCEPT all -- anywhere anywhere >>> ACCEPT icmp -- anywhere anywhere icmp any >>> ACCEPT esp -- anywhere anywhere >>> ACCEPT ah -- anywhere anywhere >>> ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns >>> ACCEPT udp -- anywhere anywhere udp dpt:ipp >>> ACCEPT tcp -- anywhere anywhere tcp dpt:ipp >>> ACCEPT all -- anywhere anywhere state >>> RELATED,ESTABLISHED >>> ACCEPT tcp -- anywhere anywhere state NEW >> tcp >>> dpt:ssh >>> REJECT all -- anywhere anywhere reject-with >>> icmp-host-prohibited >>> [root@CentOS5-5 ~]# ping 8.8.8.8 >>> PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data. >>> >>> --- 8.8.8.8 ping statistics --- >>> 3 packets transmitted, 0 received, 100% packet loss, time 2000ms >>> >>> -------------------------- >>> [root@CentOS5-5 ~]# ifconfig >>> eth0 Link encap:Ethernet HWaddr 02:00:2D:C8:00:01 >>> inet addr:10.1.1.5 Bcast:10.1.1.255 Mask:255.255.255.0 >>> inet6 addr: fe80::2dff:fec8:1/64 Scope:Link >>> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 >>> RX packets:2442 errors:0 dropped:0 overruns:0 frame:0 >>> TX packets:2261 errors:0 dropped:0 overruns:0 carrier:0 >>> collisions:0 txqueuelen:1000 >>> RX bytes:174960 (170.8 KiB) TX bytes:154159 (150.5 KiB) >>> >>> lo Link encap:Local Loopback >>> inet addr:127.0.0.1 Mask:255.0.0.0 >>> inet6 addr: ::1/128 Scope:Host >>> UP LOOPBACK RUNNING MTU:16436 Metric:1 >>> RX packets:32 errors:0 dropped:0 overruns:0 frame:0 >>> TX packets:32 errors:0 dropped:0 overruns:0 carrier:0 >>> collisions:0 txqueuelen:0 >>> RX bytes:3913 (3.8 KiB) TX bytes:3913 (3.8 KiB) >>> >>> ---------------------------- >>> >>> [root@CentOS5-5 ~]# tracert www.google.com >>> traceroute to www.google.com (173.194.64.106), 30 hops max, 40 byte >> packets >>> 1 r-4-VM.cs2cloud.internal (10.1.1.1) 0.158 ms 0.136 ms 0.134 ms >>> 2 * * * >>> 3 * * * >>> 4 * * * >>> 5 * * * >>> 6 * * * >>> 7 * * * >>> 8 * * * >>> 9 * * * >>> 10 * * * >>> 11 * * * >>> 12 * * * >>> 13 * * * >>> 14 * * * >>> 15 * * * >>> 16 * * * >>> 17 * * * >>> 18 * * * >>> 19 * * * >>> 20 * * * >>> 21 * * * >>> 22 * * * >>> 23 * * * >>> 24 * * * >>> 25 * * * >>> 26 * * * >>> 27 * * * >>> 28 * * * >>> 29 * * * >>> 30 * * * >>> >>> ---------------- >>> >>> >>> Any thoughts? >>> >>> >>> >>> >>> Thank you very much. >> >>
