Hello Can you tell me, how do I find if this is my guest network.
This is what I find in configuration for the guestnetwork: Name defaultGuestNetwork Type Shared State Setup VPC ID N/A Persistent No broadcasturi vlan://untagged Network CIDR IPv6 Gateway IPv6 CIDR Reserved IP Range Redundant Router No Network domain cs1cloud.internal I guess, the answer to your question is NO. But how do I make proper configuration? best regards, Jevgeni On Wed, Sep 19, 2018 at 4:53 PM Simon Weller <swel...@ena.com.invalid> wrote: > Is your guest network the bond0.200? > > > > > ________________________________ > From: Jevgeni Zolotarjov <j.zolotar...@gmail.com> > Sent: Wednesday, September 19, 2018 9:34 AM > To: users@cloudstack.apache.org > Subject: Re: Unable to communicate to instances on new host - iptables? > > sure > > iptables: > *mangle > :PREROUTING ACCEPT [4215:32894293] > :INPUT ACCEPT [3585:32849592] > :FORWARD ACCEPT [756:57998] > :OUTPUT ACCEPT [3739:715406] > :POSTROUTING ACCEPT [4495:773404] > COMMIT > > *nat > :PREROUTING ACCEPT [22:3593] > :INPUT ACCEPT [0:0] > :OUTPUT ACCEPT [3:4508] > :POSTROUTING ACCEPT [25:8101] > COMMIT > > *filter > :INPUT ACCEPT [0:0] > :FORWARD ACCEPT [28:1788] > :OUTPUT ACCEPT [0:0] > -A INPUT -p tcp -m tcp --dport 49152:49216 -j ACCEPT > -A INPUT -p tcp -m tcp --dport 5900:6100 -j ACCEPT > -A INPUT -p tcp -m tcp --dport 16509 -j ACCEPT > -A INPUT -p tcp -m tcp --dport 1798 -j ACCEPT > -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT > -A INPUT -i lo -m comment --comment "Allow all loopback traffic" -j ACCEPT > -A INPUT -d 127.0.0.0/8 ! -i lo -m comment --comment "Drop all traffic to > 127 that doesn\'t use lo" -j REJECT --reject-with icmp-port-unreachable > -A INPUT -m comment --comment "Accept all incoming" -j ACCEPT > -A INPUT -m state --state RELATED,ESTABLISHED -m comment --comment "Allow > all incoming on established connections" -j ACCEPT > -A OUTPUT -m comment --comment "Accept all outgoing" -j ACCEPT > COMMIT > > > On Wed, Sep 19, 2018 at 5:31 PM Simon Weller <swel...@ena.com.invalid> > wrote: > > > Can you provide your iptables rules on your hosts? > > > > > > > > ________________________________ > > From: Jevgeni Zolotarjov <j.zolotar...@gmail.com> > > Sent: Wednesday, September 19, 2018 9:29 AM > > To: users@cloudstack.apache.org > > Subject: Re: Unable to communicate to instances on new host - iptables? > > > > sorry. corrected network config > > > > ifcfg-bond0: > > TYPE=Bond > > BONDING_MASTER=yes > > BONDING_OPTS="mode=802.3ad miimon=100 updelay=0 downdelay=0" > > DEVICE=bond0 > > ONBOOT=yes > > BOOTPROTO=none > > USERCTL=no > > HOTPLUG=no > > BRIDGE=cloudbr0 > > NM_CONTROLLED=no > > > > ifcfg-bond0.200: > > DEVICE=bond0.200 > > ONBOOT=yes > > HOTPLUG=no > > BOOTPROTO=none > > VLAN=yes > > BRIDGE=cloudbr1 > > > > > > ifcfg-cloudbr0: > > DEVICE=cloudbr0 > > TYPE=Bridge > > ONBOOT=yes > > BOOTPROTO=none > > IPV6INIT=no > > IPV6_AUTOCONF=no > > DELAY=5 > > STP=yes > > IPADDR=192.168.1.5 > > GATEWAY=192.168.1.1 > > NETMASK=255.255.254.0 > > > > ifcfg-cloudbr1: > > DEVICE=cloudbr1 > > TYPE=Bridge > > ONBOOT=yes > > BOOTPROTO=none > > IPV6INIT=no > > IPV6_AUTOCONF=no > > DELAY=5 > > STP=yes > > > > On Wed, Sep 19, 2018 at 5:27 PM Jevgeni Zolotarjov < > j.zolotar...@gmail.com > > > > > wrote: > > > > > Hi Simon, > > > > > > I am not using advanced network. > > > > > > Here is my network configuration > > > ifcfg-bond0: > > > TYPE=Bond > > > BONDING_MASTER=yes > > > BONDING_OPTS="mode=802.3ad miimon=100 updelay=0 downdelay=0" > > > DEVICE=bond0 > > > ONBOOT=yes > > > BOOTPROTO=none > > > USERCTL=no > > > HOTPLUG=no > > > BRIDGE=cloudbr0 > > > NM_CONTROLLED=no > > > > > > ifcfg-bond0.200: > > > DEVICE=bond0.200 > > > ONBOOT=yes > > > HOTPLUG=no > > > BOOTPROTO=none > > > VLAN=yes > > > BRIDGE=cloudbr1 > > > > > > ifcfg-cloudbr0: > > > > > > DEVICE=bond0.200 > > > ONBOOT=yes > > > HOTPLUG=no > > > BOOTPROTO=none > > > #TYPE=Ethernet > > > VLAN=yes > > > BRIDGE=cloudbr1 > > > > > > ifcfg-cloudbr0: > > > DEVICE=cloudbr0 > > > TYPE=Bridge > > > ONBOOT=yes > > > BOOTPROTO=none > > > IPV6INIT=no > > > IPV6_AUTOCONF=no > > > DELAY=5 > > > STP=yes > > > IPADDR=192.168.1.5 > > > GATEWAY=192.168.1.1 > > > NETMASK=255.255.254.0 > > > > > > ifcfg-cloudbr1: > > > DEVICE=cloudbr1 > > > TYPE=Bridge > > > ONBOOT=yes > > > BOOTPROTO=none > > > IPV6INIT=no > > > IPV6_AUTOCONF=no > > > DELAY=5 > > > STP=yes > > > > > > > > > > > > On Wed, Sep 19, 2018 at 3:10 PM Simon Weller <swel...@ena.com.invalid> > > > wrote: > > > > > >> Jevgeni, > > >> > > >> > > >> What type of networking are you using on your hosts? If advanced, what > > >> type of isolation? > > >> > > >> > > >> - Si > > >> > > >> ________________________________ > > >> From: Jevgeni Zolotarjov <j.zolotar...@gmail.com> > > >> Sent: Wednesday, September 19, 2018 3:17 AM > > >> To: users@cloudstack.apache.org > > >> Subject: Unable to communicate to instances on new host - iptables? > > >> > > >> Hello! > > >> > > >> We are running CS 4.11.1 on CentOS7 (latest) > > >> > > >> Previously the installation had just 1 KVM host. > > >> Now we added another identical host. > > >> After some configuration hassle with libvirtd, new host is up and > > running. > > >> > > >> I followed strictly the host installation guide for 4.11. > > >> But instances running on new host are not accessible via tcp/ip. > Neither > > >> they can access network. > > >> > > >> I found out that stopping iptables on new host resolves the problem. > But > > >> this is not the solution, I guess. > > >> > > >> Please help. > > >> > > > > > >