Hi Jevgeni,

> (1) client -> VM1:80/app -> VM2:8080/app
> (2) client -> VM1:80/data -> VM3:8080/data
>
> This was working fine before the reinstallation.
> We found that it works, if we stop iptables.
>
> But with iptables ON, (1) works, but (2) does not work - it gives
> connection refused.
> How can this be resolved?

With "iptables ON", I assume you are referring to the VM's own firewall, correct? Netfilter logging should help to debug this. You can find plenty of resources on how to create log chains on the web, for example here:

https://www.thegeekstuff.com/2012/08/iptables-log-packets/

If you meant the CloudStack firewall, make sure you have the correct rules in place. Note that if you're using *external* (i.e. NAT) IPs to access a service from a different VM, you need an explicit firewall rule. It's best to use internal hostnames/IPs for VM-to-VM traffic though.

Does that help or did I totally miss your point?
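
As an added example that is not part of the original message: once a netfilter LOG rule is in place on the backend VM, a short script can summarize which new connections the firewall is logging, which makes a blocked VM1 -> VM3:8080 path stand out. The log prefix, host names, addresses and log lines are constructed assumptions.

```python
import re
from collections import Counter

# Assumption: the LOG rule on the backend VM uses this --log-prefix.
PREFIX = "IPTables-Dropped: "
KV = re.compile(r"(\w+)=(\S*)")

# Constructed kernel log lines (hosts and addresses are made up).
SAMPLE = [
    "Mar  3 10:15:01 vm3 kernel: IPTables-Dropped: IN=eth0 OUT= "
    "SRC=10.1.1.11 DST=10.1.1.13 LEN=60 TTL=64 ID=4711 DF PROTO=TCP "
    "SPT=51234 DPT=8080 WINDOW=29200 RES=0x00 SYN URGP=0",
    "Mar  3 10:15:02 vm3 kernel: IPTables-Dropped: IN=eth0 OUT= "
    "SRC=10.1.1.11 DST=10.1.1.13 LEN=60 TTL=64 ID=4712 DF PROTO=TCP "
    "SPT=51234 DPT=8080 WINDOW=29200 RES=0x00 SYN URGP=0",
    "Mar  3 10:15:03 vm3 sshd[912]: Accepted publickey for admin",
    "Mar  3 10:15:04 vm3 kernel: IPTables-Dropped: IN=eth0 OUT= "
    "SRC=10.1.1.50 DST=10.1.1.255 LEN=78 TTL=64 ID=99 PROTO=UDP "
    "SPT=137 DPT=137 LEN=58",
]

def parse_line(line):
    """Return the flow fields of one netfilter LOG line, or None."""
    pos = line.find(PREFIX)
    if pos < 0:
        return None
    rest = line[pos + len(PREFIX):]
    fields = dict(KV.findall(rest))
    flags = {tok for tok in rest.split() if "=" not in tok}
    try:
        proto = fields["PROTO"]
        # A bare SYN (no ACK) is a new inbound TCP connection attempt.
        new = proto != "TCP" or ("SYN" in flags and "ACK" not in flags)
        return {"src": fields["SRC"], "dst": fields["DST"],
                "proto": proto, "dpt": int(fields["DPT"]), "new": new}
    except (KeyError, ValueError):
        return None  # ICMP or truncated line: no port to report

def blocked_flows(lines):
    """Count logged new connections per (src, dst, proto, dport)."""
    counts = Counter()
    for line in lines:
        flow = parse_line(line)
        if flow and flow["new"]:
            counts[(flow["src"], flow["dst"], flow["proto"], flow["dpt"])] += 1
    return counts

if __name__ == "__main__":
    for (src, dst, proto, dpt), n in blocked_flows(SAMPLE).most_common():
        print(f"{n}x {src} -> {dst}:{dpt}/{proto}")
```
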