On Feb 22, 2014, at 8:13 PM, Michael Phillips <mphilli7...@hotmail.com> wrote:
> Figured it out....
> Apparently by default outbound traffic is blocked by egress
> rule...implemented an egress rule and it's working….

Do you feel like writing some documentation :)
We are moving to a new docs format and this:
http://cloudstack-installation.readthedocs.org/en/latest/
needs a lot of love.

>
>> From: mphilli7...@hotmail.com
>> To: users@cloudstack.apache.org
>> Subject: One last hurdle
>> Date: Sat, 22 Feb 2014 18:37:45 -0600
>>
>> I am almost there to having a working config with advanced network on
>> vsphere 5.1
>> So I am using a pretty basic advanced network zone using vlan for isolation.
>> Details are below:
>> Public range = x.x.233.0/24
>> Guest cidr = 10.1.1.0/24
>> VLAN range = 400-405
>>
>> 1. I create an instance of the default centos5.3 template, choosing to
>> create an isolated network based on
>> "DefaultIsolatedNetworkOfferingWithSourceNatService"
>> 2. The system spawns a system router.
>> 3. The system spawns the guest vm.
>> 4. The router is made a part of the public vlan 233 and the isolated vlan 400
>> 5. The guest vm is made a part of the isolated vlan 400.
>> 6. The router is assigned an IP address on the isolated network of 10.1.1.1.
>> The router is able to get out to the internet fine, and is able to ping the
>> guest instance.
>> 7. The guest is assigned an IP address on the isolated network. The guest vm
>> is able to ping the router
>>
>> Network Topology would look as follows:
>> guestvm ---> system router ---> firewall ---> router ---> internet
>>
>> Up to this point everything LOOKS perfect...BUT...my guest vm is not able to
>> get out to the internet.
>> At first I thought my problem might be with the hop after the system router
>> which is my firewall. So what I did was to imitate what CS is doing, but
>> with Windows machines. Basically I spawned two machines, one which acted as
>> a guest vm, the other to act as a system router. On the Windows box, which I
>> simulated the system router, I enabled routing and remote access to enable
>> NAT. In this configuration the guest vm was able to use the simulated system
>> router and browse the internet just fine. The test topology would look as
>> follows:
>> guest vm ---> simulated router running Windows and NAT ---> firewall --->
>> router ---> internet
>>
>> So this leads me to believe that something is wrong with the system router
>> and how it is NAT'ing. Up to this point I have tried the default network
>> service "DefaultIsolatedNetworkOfferingWithSourceNatService" and created a
>> new network offering using DNS, DHCP, and SourceNAT.
>> I think once I get past this hurdle I will be good to go....any help is
>> hugely appreciated!!
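
The fix reported at the top of this thread (adding an egress rule to the isolated network) can be scripted against the CloudStack API. The following is an added example, not part of the original messages and not CloudStack's own code: it builds signed `createEgressFirewallRule` requests for the guest CIDR from the thread, scoped to DNS and web ports rather than all traffic. The endpoint, API key, secret key and network UUID are placeholders, and the port list is a constructed policy.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

# Placeholders (assumptions, not from the thread): endpoint, keys, network UUID.
API_URL = "https://cloudstack.example.invalid/client/api"
API_KEY = "EXAMPLE-API-KEY"
SECRET_KEY = "EXAMPLE-SECRET-KEY"
NETWORK_ID = "00000000-0000-0000-0000-000000000000"
GUEST_CIDR = "10.1.1.0/24"  # guest CIDR given in the thread

# Constructed policy: allow only DNS and web traffic out of the guest network.
EGRESS_POLICY = [("udp", 53), ("tcp", 53), ("tcp", 80), ("tcp", 443)]

def encode(params):
    """URL-encode values and join as key=value pairs, sorted by key."""
    pairs = sorted(params.items(), key=lambda kv: kv[0].lower())
    return "&".join(f"{k}={quote(str(v), safe='')}" for k, v in pairs)

def sign(params, secret):
    """CloudStack signature: base64(HMAC-SHA1(lowercased sorted query))."""
    msg = encode(params).lower().encode()
    digest = hmac.new(secret.encode(), msg, hashlib.sha1).digest()
    return base64.b64encode(digest).decode()

def egress_rule_url(protocol, port, cidr=GUEST_CIDR):
    """Signed createEgressFirewallRule request for one protocol/port."""
    params = {
        "command": "createEgressFirewallRule",
        "networkid": NETWORK_ID,
        "protocol": protocol,
        "cidrlist": cidr,
        "startport": port,
        "endport": port,
        "response": "json",
        "apikey": API_KEY,
    }
    params["signature"] = sign(params, SECRET_KEY)
    return f"{API_URL}?{encode(params)}"

def build_requests():
    """One signed request URL per entry in the constructed policy."""
    return [egress_rule_url(proto, port) for proto, port in EGRESS_POLICY]

if __name__ == "__main__":
    print("\n".join(build_requests()))
```

Each printed URL is one API call; with real values substituted, sending them in order creates the four rules on the isolated network.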