Where should I add a firewall rule, manually using iptables inside the Virtual Router? Consider that I have no firewall in my network layout preventing ICMP to reach the Virtual Router.
On Fri, Dec 20, 2013 at 1:57 AM, Andrei Mikhailovsky <and...@arhont.com>wrote: > > > Francesco, > > I believe you need to add a firewall rule to allow ingress ICMP traffic. > Once allowed you should be able to ping it. > > Andrei > > ----- Original Message ----- > > From: "Francesco Maria Magnini" <fmm1...@gmail.com> > To: users@cloudstack.apache.org > Sent: Thursday, 19 December, 2013 11:23:37 PM > Subject: Re: [Advanced Zone] Isolated Source NAT issue (NAT not working) > > Hi Geoff, > > I've added a "permit all" egress rule (source 0.0.0.0/0 ALL) and now guest > VMs can connect to Internet. > Is it normal that the Virtual Router is still not reachable through the > public network? > I cannot ping its public IP address (other 2 public SSVM are pingables). > > Regards > > > On Thu, Dec 19, 2013 at 7:12 PM, Geoff Higginbottom < > geoff.higginbot...@shapeblue.com> wrote: > > > Francesco, > > > > Have you enabled egress rules to allow outbound traffic for guest VMs > > > > If you are trying to ping the public IP of the VR it will not respond due > > to security settings, however the SSVM and CPVM do respond. > > > > Regards > > > > Geoff Higginbottom > > CTO / Cloud Architect > > > > D: +44 20 3603 0542<tel:+442036030542> | S: +44 20 3603 0540<tel: > > +442036030540>| M: +447968161581<tel:+447968161581> > > > > geoff.higginbot...@shapeblue.com<mailto:geoff.higginbot...@shapeblue.com > > > > |www.shapeblue.com<htp://www.shapeblue.com/> | Twitter:@shapeblue< > > https://twitter.com/#!/shapeblue> > > > > ShapeBlue Ltd, 53 Chandos Place, Covent Garden, London, WC2N > > 4HS<x-apple-data-detectors://5> > > > > > > On 19 Dec 2013, at 18:04, "Francesco Maria Magnini" <fmm1...@gmail.com > > <mailto:fmm1...@gmail.com>> wrote: > > > > Hi guys, > > > > I cannot ping internet from VMs. > > Pinging from Virtual Router is ok. > > > > In addition, SSVM are reachable from outside (storage/proxy ssvm) through > > addresses configured in public network range, Virtual router is not > > reachable (but can ping internet). > > > > Any idea? > > > > > > -- > > "I videogiochi non influenzano i bambini. > > Voglio dire, se pac-man avesse influenzato la nostra generazione, > > staremmo tutti saltando in sale scure, > > masticando pillole magiche e ascoltando musica elettronica > > ripetitiva..." > > > > (Kristian Wilson, Nintendo Inc, 1989) > > This email and any attachments to it may be confidential and are intended > > solely for the use of the individual to whom it is addressed. Any views > or > > opinions expressed are solely those of the author and do not necessarily > > represent those of Shape Blue Ltd or related companies. If you are not > the > > intended recipient of this email, you must neither take any action based > > upon its contents, nor copy or show it to anyone. Please contact the > sender > > if you believe you have received this email in error. Shape Blue Ltd is a > > company incorporated in England & Wales. ShapeBlue Services India LLP is > a > > company incorporated in India and is operated under license from Shape > Blue > > Ltd. Shape Blue Brasil Consultoria Ltda is a company incorporated in > Brasil > > and is operated under license from Shape Blue Ltd. ShapeBlue is a > > registered trademark. > > > > > > -- > “I videogiochi non influenzano i bambini. > Voglio dire, se pac-man avesse influenzato la nostra generazione, > staremmo tutti saltando in sale scure, > masticando pillole magiche e ascoltando musica elettronica > ripetitiva...” > > (Kristian Wilson, Nintendo Inc, 1989) > > -- “I videogiochi non influenzano i bambini. Voglio dire, se pac-man avesse influenzato la nostra generazione, staremmo tutti saltando in sale scure, masticando pillole magiche e ascoltando musica elettronica ripetitiva...” (Kristian Wilson, Nintendo Inc, 1989)
