Why is the rule set lost after iptables restarts? What can I do to avoid it?




------------------ Original ------------------
From:  "Jayapal Reddy Uradi"<jayapalreddy.ur...@citrix.com>;
Date:  Wed, Jun 26, 2013 12:34 PM
To:  "users"<users@cloudstack.apache.org>; 

Subject:  RE: Is this a bug?



Hi,

It is not a bug.
I think it is working as expected.
Please find my inline comments.

Thanks,
Jayapal

> -----Original Message-----
> From: WXR [mailto:474745...@qq.com]
> Sent: Wednesday, 26 June 2013 7:16 AM
> To: users
> Subject: Is this a bug?
> 
> cloudstack version:  4.1
> 
> network type:  basic zone and basic network
> 
> security group setting:
> Protocol    Start Port    End Port    CIDR
> TCP        1        65535        0.0.0.0/0
> UDP        1        65535        0.0.0.0/0
> ICMP        -1        -1        0.0.0.0/0
> 
> VM OS:  windows
> 
> 1. I can ping the vm and connect to it by rdp.
ICMP -1 -1 means allow icmp protocol all types and codes (255,255).
RDP uses tcp 3399, tcp all ports are opened.
So icmp and rdp are allowed to reach vm.
> 2. When I restart the iptables of the Host physical machine, I cannot ping the
> vm, but I can still connect to it by rdp.
When you restart the iptables please make sure the cloudstack configured rules 
are set before checking the traffic.
RDP is working because the connection is in established state. 

> 3. When I delete the ICMP rule of security group and add the same rule
> again, I can ping the vm.
When you restart iptables, I think the icmp rule set by cloudstack is 
lost. When you reconfigure it, the icmp rule is configured on the 
Host and traffic to the vm is allowed.

