Okay, so I figured out why my system VMs are unable to route traffic.

Our network is pretty basic in CloudStack. We have a single shared guest network VLAN2. When I bring up the zone, the system VMs get an IP address from the defaultGuestNetwork, which is a routable network on our core router. The System VM can ping the gateway, however it cannot reach anything such as internet addresses or other networks shown by the router.

Checked the host for iptables rules and found the below:

-A FORWARD -o cloudbr0 -m physdev --physdev-is-bridged -j BF-cloudbr0
-A FORWARD -i cloudbr0 -m physdev --physdev-is-bridged -j BF-cloudbr0
-A FORWARD -o cloudbr0 -j DROP
-A FORWARD -i cloudbr0 -j DROP
-A FORWARD -o brbond0-2 -m physdev --physdev-is-bridged -j BF-brbond0-2
-A FORWARD -i brbond0-2 -m physdev --physdev-is-bridged -j BF-brbond0-2
-A FORWARD -o brbond0-2 -j DROP
-A FORWARD -i brbond0-2 -j DROP

After removing the DROP rules the System VMs were able to get traffic flow again. It can download ISOs and Templates but only if I remove those DROP rules.

Is this an issue with execution order on Ubuntu 20.04? To allow traffic to the System VMs and then to promptly drop traffic again? Or am I looking at this all the wrong way?

An example of our network:

management: 10.0.0.0/24 (VLAN1)
guest: 10.0.1.0/24 (VLAN2)

Followed all the CloudStack documentation using Advanced Networking with Security Groups.

Thank you

Pieter

On 10 February 2021 at 11:27, Pieter Koorts <pieter.koo...@me.com> wrote:

Hello,

Are SystemVMs meant to have a default gateway?

When I SSH directly into the SSVM, I can see it is attached to 3 networks (management, guest, loopback), however there is no gateway set so they are unable to ping externally to the outside world. Was having trouble uploading templates and wondered if this will be the cause.

Thank you

Pieter
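The rule-ordering question above can be checked by walking the quoted FORWARD rules in order with iptables' first-match semantics. The sketch below is an added example, not part of the original post and not CloudStack code. The function names are hypothetical, and the contents of the BF-* chains and the FORWARD policy are not shown in the post, so both are passed in as assumptions.

```python
import shlex

# FORWARD rules exactly as quoted in the post.
FORWARD_RULES = """\
-A FORWARD -o cloudbr0 -m physdev --physdev-is-bridged -j BF-cloudbr0
-A FORWARD -i cloudbr0 -m physdev --physdev-is-bridged -j BF-cloudbr0
-A FORWARD -o cloudbr0 -j DROP
-A FORWARD -i cloudbr0 -j DROP
-A FORWARD -o brbond0-2 -m physdev --physdev-is-bridged -j BF-brbond0-2
-A FORWARD -i brbond0-2 -m physdev --physdev-is-bridged -j BF-brbond0-2
-A FORWARD -o brbond0-2 -j DROP
-A FORWARD -i brbond0-2 -j DROP
"""

def parse_rule(line):
    """Extract only the match fields and target used by the quoted rules."""
    tok = shlex.split(line)
    rule = {"in": None, "out": None, "bridged": False, "target": None, "text": line}
    for i, t in enumerate(tok):
        if t == "-i":
            rule["in"] = tok[i + 1]
        elif t == "-o":
            rule["out"] = tok[i + 1]
        elif t == "--physdev-is-bridged":
            rule["bridged"] = True
        elif t == "-j":
            rule["target"] = tok[i + 1]
    return rule

def matches(rule, pkt):
    return ((rule["in"] is None or rule["in"] == pkt["in"])
            and (rule["out"] is None or rule["out"] == pkt["out"])
            and (not rule["bridged"] or pkt["bridged"]))

def traverse(rules, pkt, chain_verdicts, policy="ACCEPT"):
    """Return (verdict, deciding rule). chain_verdicts says what each BF-* chain
    decides for this packet (assumption); a missing entry means no rule there
    matched, so control returns to FORWARD and the next rule is tried."""
    for rule in rules:
        if not matches(rule, pkt):
            continue
        if rule["target"] in ("ACCEPT", "DROP"):
            return rule["target"], rule["text"]
        verdict = chain_verdicts.get(rule["target"], "RETURN")
        if verdict != "RETURN":
            return verdict, rule["text"]
    return policy, "chain policy"  # policy value is an assumption

RULES = [parse_rule(l) for l in FORWARD_RULES.splitlines()]
```

With this model, a bridged packet is dropped by the third rule only when BF-cloudbr0 returns without a verdict, so the ordering itself is consistent with a default-deny design and the place to look is what the BF-* chains accept for the system VMs.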