Hello Team
I am using Cloudstack-4.3.0-1 on a RHEL-6.3 64-bit system. Right now I am
using the Basic networking setup for my deployment. I am using the same
system as both HY & Management server,
and using this information:
Server IP address : 172.20.2.108/255.255.0.0
Zone = ZONE1
POD = POD1
Gateway = 172.20.0.1
Range = 172.20.0.10 172.20.0.30
Guest Gateway = 172.29.20.0.1
Range = 172.20.0.31-172.20.0.50
While I am registering any ISO it gives me a Connection refused error!
After logging in to the SSVM I found that I was unable to telnet to the http
port of my ISO server 172.20.2.200 from that SSVM, but after deleting the
iptables rules from that SSVM firewall I can upload that image from the cloud
portal!
So I want to know why it happens, and how I can fix this problem
permanently. Or is there any configuration parameter that needs to be changed
from the Cloud Portal?
I am also attaching txt file for reference ! I
--
Thanks & Regards
Deepak Yadav
root@s-2-VM:~# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:3922
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
DROP icmp -- anywhere anywhere icmp timestamp-request
ACCEPT icmp -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:3922

Chain FORWARD (policy DROP)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
REJECT tcp -- anywhere anywhere state NEW tcp dpt:http reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere state NEW tcp dpt:https reject-with icmp-port-unreachable

Chain HTTP (0 references)
target prot opt source destination
root@s-2-VM:~#
root@s-2-VM:~#
eth0 Link encap:Ethernet HWaddr 0e:00:a9:fe:01:48
inet addr:169.254.1.72 Bcast:169.254.255.255 Mask:255.255.0.0
inet6 addr: fe80::c00:a9ff:fefe:148/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:682 errors:0 dropped:0 overruns:0 frame:0
TX packets:300 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:52534 (51.3 KiB) TX bytes:43184 (42.1 KiB)
eth1 Link encap:Ethernet HWaddr 06:f4:e0:00:00:0d
inet addr:172.20.0.22 Bcast:172.20.255.255 Mask:255.255.0.0
inet6 addr: fe80::4f4:e0ff:fe00:d/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:102616 errors:0 dropped:377 overruns:0 frame:0
TX packets:1766 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:6405812 (6.1 MiB) TX bytes:274720 (268.2 KiB)
eth2 Link encap:Ethernet HWaddr 06:2a:80:00:00:17
inet addr:172.20.0.32 Bcast:172.20.255.255 Mask:255.255.0.0
inet6 addr: fe80::42a:80ff:fe00:17/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:101221 errors:0 dropped:380 overruns:0 frame:0
TX packets:3 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:6075845 (5.7 MiB) TX bytes:318 (318.0 B)
eth3 Link encap:Ethernet HWaddr 06:b7:92:00:00:07
inet addr:172.20.0.16 Bcast:172.20.255.255 Mask:255.255.0.0
inet6 addr: fe80::4b7:92ff:fe00:7/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:100793 errors:0 dropped:371 overruns:0 frame:0
TX packets:3 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:6050147 (5.7 MiB) TX bytes:318 (318.0 B)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:14 errors:0 dropped:0 overruns:0 frame:0
TX packets:14 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1032 (1.0 KiB) TX bytes:1032 (1.0 KiB)
root@s-2-VM:~#
root@s-2-VM:~# telnet 172.20.2.200 22
Trying 172.20.2.200...
Connected to 172.20.2.200.
Escape character is '^]'.
SSH-2.0-OpenSSH_5.3
root@s-2-VM:~# telnet 172.20.2.200 80
Trying 172.20.2.200...
telnet: Unable to connect to remote host: Connection refused
root@s-2-VM:~#
root@s-2-VM:~# /sbin/iptables -L -v -n --line-numbers
Chain INPUT (policy DROP 26 packets, 1168 bytes)
num pkts bytes target prot opt in out source destination
1 0 0 ACCEPT tcp -- eth2 * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:443
2 0 0 ACCEPT tcp -- eth2 * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80
3 0 0 ACCEPT tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:3922
4 861 66566 ACCEPT all -- eth0 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
5 1436 330K ACCEPT all -- eth1 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
6 0 0 ACCEPT all -- eth2 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
7 0 0 ACCEPT all -- eth3 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
8 18 1384 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
9 0 0 DROP icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 13
10 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
11 5 300 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:3922

Chain FORWARD (policy DROP 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 2398 packets, 342K bytes)
num pkts bytes target prot opt in out source destination
1 10 600 REJECT tcp -- * eth1 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80 reject-with icmp-port-unreachable
2 0 0 REJECT tcp -- * eth1 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:443 reject-with icmp-port-unreachable

Chain HTTP (0 references)
num pkts bytes target prot opt in out source destination
root@s-2-VM:~# /sbin/iptables -D OUTPUT 1
root@s-2-VM:~# telnet 172.20.2.200 80
Trying 172.20.2.200...
Connected to 172.20.2.200.
Escape character is '^]'.
^]
telnet> quit
Connection closed.
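
Added example, not part of the original post: a shell helper that reads `iptables -L -v -n --line-numbers` output and lists the REJECT/DROP rules in a chain that match a given TCP destination port, with the outgoing interface and packet counter, so the rule that is actually matching traffic can be identified before any rule is touched. The function names are hypothetical; the sample input is copied from the verbose listing in the post.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# blocking_rules CHAIN PORT: read `iptables -L -v -n --line-numbers` text on
# stdin and print "<rule-num> <out-iface> <target> <pkts>" for every REJECT or
# DROP rule in CHAIN that matches TCP destination port PORT.
blocking_rules() {
    awk -v chain="$1" -v port="$2" '
        $1 == "Chain"      { in_chain = ($2 == chain); next }
        !in_chain          { next }
        $1 !~ /^[0-9]+$/   { next }   # skip the column-header line
        ($4 == "REJECT" || $4 == "DROP") && $5 == "tcp" {
            # fields: num pkts bytes target prot opt in out source destination ...
            for (i = 11; i <= NF; i++)
                if ($i == ("dpt:" port)) { print $1, $8, $4, $2; break }
        }'
}

# Sample input: rules copied from the verbose listing in the post above,
# with the wrapped lines joined.
sample_listing() {
    cat <<'EOF'
Chain INPUT (policy DROP 26 packets, 1168 bytes)
num pkts bytes target prot opt in out source destination
2 0 0 ACCEPT tcp -- eth2 * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80
Chain OUTPUT (policy ACCEPT 2398 packets, 342K bytes)
num pkts bytes target prot opt in out source destination
1 10 600 REJECT tcp -- * eth1 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80 reject-with icmp-port-unreachable
2 0 0 REJECT tcp -- * eth1 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:443 reject-with icmp-port-unreachable
EOF
}

# A nonzero pkts value marks the rule that is actually matching traffic.
sample_listing | blocking_rules OUTPUT 80
# On a live system: iptables -L -v -n --line-numbers | blocking_rules OUTPUT 80
```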