I had this issue too some days ago. I solved it by logging into the Virtual Router over ssh and adding this rule to the Firewall:
iptables -A FW_OUTBOUND -j ACCEPT I hope this helps. Regards -----Mensaje original----- De: Jayapal Reddy Uradi [mailto:jayapalreddy.ur...@citrix.com] Enviado el: jueves, 27 de junio de 2013 12:37 Para: <users@cloudstack.apache.org> Asunto: Re: How to create a network offering without firewall? Is internet accessible from from router ? If it is accessible please send router iptables rules on pastebin.com Thanks, jayapal On 27-Jun-2013, at 3:34 PM, WXR <474745...@qq.com> wrote: > Sorry,the instance can access the vrouter gateway ip ,but can not access the > Internet. > > > ------------------ Original ------------------ > From: "WXR"<474745...@qq.com>; > Date: Thu, Jun 27, 2013 06:01 PM > To: "users"<users@cloudstack.apache.org>; > > Subject: Re: How to create a network offering without firewall? > > > > I have added a egress rule like this: > Source CIDR Protocol Start Port End Port > 0.0.0.0/0 All All All > > The vrouter vm can also access the Internet. > But the instance vm is still able to access the vrouter gateway ip and the > Internet. > > > > > ------------------ Original ------------------ > From: "Murali Reddy"<murali.re...@citrix.com>; > Date: Thu, Jun 27, 2013 05:21 PM > To: "users@cloudstack.apache.org"<users@cloudstack.apache.org>; > > Subject: Re: How to create a network offering without firewall? > > > > > Yes, egress firewall default action is 'BLOCK'. Here is a nice blog > from Radhika > http://writersopendiary.wordpress.com/2013/05/27/egress-firewall-rules > -in-a > pache-cloudstack/ > > On 27/06/13 2:21 PM, "WXR" <474745...@qq.com> wrote: > >> By the way , when I select the default guestnetworkwithsourceNAT and >> create an instance,the vm can not access to the Internet,is this a >> default setting?how can I let the vm access the Internet? >> >> >> >> >> ------------------ Original ------------------ >> From: "Murali Reddy"<murali.re...@citrix.com>; >> Date: Thu, Jun 27, 2013 04:46 PM >> To: "users@cloudstack.apache.org"<users@cloudstack.apache.org>; >> >> Subject: Re: How to create a network offering without firewall? >> >> >> >> >> Also, by default all the ports that will be used by edge services are >> blocked by iptable config in the router VM templates. They needed to >> be opened explicitly with firewall rules. >> >> On 27/06/13 2:08 PM, "Jayapal Reddy Uradi" >> <jayapalreddy.ur...@citrix.com> >> wrote: >> >>> With out firewall provider you can't have sourceNAT and static NAT >>> services because these services are provided by firewall provider only. >>> >>> Thanks, >>> Jayapal >>> >>> On 27-Jun-2013, at 1:35 PM, WXR <474745...@qq.com> >>> wrote: >>> >>>> If I create a new network offering and check >>>> dns,dhcp,userdata,sourceNAT,staticNAT,not check the firewall >>>> service.But the firewall will be added into it automatically. >>>> I don't need the firewall service ,how can I create a network >>>> offering without firewall? >>> >>> >> >> >> . > > > .
