Ok, so in your host there is nothing blocking the in-out/going requests, but still the ping command does not work?
That rule you presented earlier should not block “icmp-echo-request”. On Tue, Apr 5, 2016 at 9:36 AM, Syafiq Rokman <msyafiq.rok...@gmail.com> wrote: > I've checked the host iptables just now...there were rules accomodating the > SSVM and CPVM. > But I've made the mistake of flushing the iptables rules without any > backup. > Now Iptables -P, -L has: > > -P INPUT ACCEPT > -P FORWARD ACCEPT > -P OUTPUT ACCEPT > -A INPUT -j ACCEPT > -A INPUT -j ACCEPT > -A FORWARD -j ACCEPT > -A OUTPUT -j ACCEPT > Chain INPUT (policy ACCEPT) > target prot opt source destination > ACCEPT all -- anywhere anywhere > ACCEPT all -- anywhere anywhere > > Chain FORWARD (policy ACCEPT) > target prot opt source destination > ACCEPT all -- anywhere anywhere > > Chain OUTPUT (policy ACCEPT) > target prot opt source destination > ACCEPT all -- anywhere anywhere > > One more thing, this setup is self-hosted.The MS and host are on the same > machine. > > > > On Tue, Apr 5, 2016 at 8:22 PM Rafael Weingärtner < > rafaelweingart...@gmail.com> wrote: > > > Those rules should not block the "ping" comand, hence they are meant to > > block "http" right? > > > > > > I have been having the same problem lately with XenServer. > > > > The iptables rules that are rejecting my traffic are at the host itself. > > > > Can you check your host iptables configs? > > > > On Tue, Apr 5, 2016 at 3:42 AM, Syafiq Rokman <msyafiq.rok...@gmail.com> > > wrote: > > > > > Hi, > > > > > > Can't ping the default gateway of the SSVM or 8.8.8.8 from the SSVM. > > > I'm using KVM as hypervisor. > > > > > > Tried changing iptables rules on SSVM using > > > > > > iptables -F > > > iptables -X > > > iptables -t nat -F > > > iptables -t nat -X > > > iptables -t mangle -F > > > iptables -t mangle -X > > > iptables -P INPUT ACCEPT > > > iptables -P FORWARD ACCEPT > > > iptables -P OUTPUT ACCEPT > > > > > > to allow all connections, but keep getting this at Chain OUTPUT: > > > > > > REJECT tcp -- anywhere anywhere state NEW > > tcp > > > dpt:http reject-with icmp-port-unreachable > > > REJECT tcp -- anywhere anywhere state NEW > > tcp > > > dpt:https reject-with icmp-port-unreachable > > > > > > > > > > > > On Mon, Apr 4, 2016 at 6:49 PM Rafael Weingärtner < > > > rafaelweingart...@gmail.com> wrote: > > > > > > > What hypervisor are you using? > > > > Did change the iptables rules at the SSVM itself? > > > > > > > > On Mon, Apr 4, 2016 at 6:50 AM, Glenn Wagner < > > glenn.wag...@shapeblue.com > > > > > > > > wrote: > > > > > > > > > Hi, > > > > > > > > > > Can you ping the default gateway of the SSVM? > > > > > Can you ping google DNS 8.8.8.8 from the SSVM? > > > > > > > > > > Thanks > > > > > Glenn > > > > > > > > > > > > > > > Regards, > > > > > > > > > > Glenn Wagner > > > > > > > > > > glenn.wag...@shapeblue.com > > > > > www.shapeblue.com > > > > > 2nd Floor, Oudehuis Centre, 122 Main Rd, Somerset West, Cape Town > > > > > 7130South Africa > > > > > @shapeblue > > > > > > > > > > -----Original Message----- > > > > > From: Syafiq Rokman [mailto:msyafiq.rok...@gmail.com] > > > > > Sent: Monday, 04 April 2016 11:16 AM > > > > > To: users@cloudstack.apache.org > > > > > Subject: SSVM cant route to MS, Iptables keep self-updating > > > > > > > > > > Hi everyone! > > > > > > > > > > Im running CS 4.8 on Ubuntu 14.04 LTS. > > > > > > > > > > So I've managed to set up everything, but I still cant install > > > templates. > > > > > So I SSH-ed into the SSVM and ran the healthcheck and it seems that > > the > > > > > SSVM can't connect to the DNS. > > > > > > > > > > Logs says that it can't route to host. > > > > > > > > > > So I've tried to allow all outgoing/incoming connections on > Iptables, > > > but > > > > > it keeps changing back to deny outgoing connections. > > > > > > > > > > Any ideas on how to proceed? > > > > > > > > > > Will provide logs if anyone needs it. > > > > > > > > > > Thanks > > > > > Syafiq Rokman > > > > > B.ICT Student > > > > > > > > > > > > > > > > > > > > > -- > > > > Rafael Weingärtner > > > > > > > > > > > > > > > -- > > Rafael Weingärtner > > > -- > Syafiq Rokman > B. ICT Student > Universiti Teknologi PETRONAS > -- Rafael Weingärtner
