Figured it out....
Apparently by default outbound traffic is blocked by egress rule...implemented 
an egress rule and it's working....

> From: mphilli7...@hotmail.com
> To: users@cloudstack.apache.org
> Subject: One last hurdle
> Date: Sat, 22 Feb 2014 18:37:45 -0600
> 
> I am almost there to having a working config with advanced network on vsphere 
> 5.1.
> So I am using a pretty basic advanced network zone using vlan for isolation. 
> Details are below:
> Public range = x.x.233.0/24
> Guest cidr = 10.1.1.0/24
> VLAN range = 400-405
> 
> 1. I create an instance of the default centos5.3 template, choosing to create 
> an isolated network based on 
> "DefaultIsolatedNetworkOfferingWithSourceNatService"
> 2. The system spawns a system router.
> 3. The system spawns the guest vm.
> 4. The router is made a part of the public vlan 233 and the isolated vlan 400
> 5. The guest vm is made a part of the isolated vlan 400.
> 6. The router is assigned an IP address on the isolated network of 10.1.1.1. 
> The router is able to get out to the internet fine, and is able to ping the 
> guest instance.
> 7. The guest is assigned an ip address on the isolated network. The guest vm 
> is able to ping the router.
> Network Topology would look as follows:
> guestvm ---> system router ---> firewall ---> router ---> internet
> Up to this point everything LOOKS perfect...BUT...my guest vm is not able to 
> get out to the internet.
> At first I thought my problem might be with the hop after the system router 
> which is my firewall. So what I did was to imitate what CS is doing, but with 
> windows machines. Basically I spawned two machines, one which acted as a 
> guest vm, the other to act as a system router. On the windows box, which I 
> simulated the system router, I enabled routing and remote access to enable 
> NAT. In this configuration the guest vm was able to use the simulated system 
> router and browse the internet just fine. The test topology would look as 
> follows:
> guest vm ---> simulated router running windows and NAT ---> firewall ---> 
> router ---> internet
> So this leads me to believe that something is wrong with the system router 
> and how it is NAT'ing. Up to this point I have tried the default network 
> service "DefaultIsolatedNetworkOfferingWithSourceNatService" and created a 
> new network offering using DNS, DHCP, and SourceNAT. 
> I think once I get past this hurdle I will be good to go....any help is 
> hugely appreciated!!
> 