cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Lynch, Gerard" <Gerard.Ly...@bskyb.com>
Subject Re: Security Groups
Date Fri, 13 Sep 2013 10:13:34 GMT
By default XenServer (6.x) disables iptable/arptable checking over bridges
in /etc/sysctl.conf
- you'll need to ensure those are enabled.

net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-arptables = 1



On 13/09/2013 04:55, "Jijun" <jijunlx@gmail.com> wrote:

>hi , i encounter the same problem,
>
>as i know, XenServer 6.2 need not  the CSP.
>
>but the ingress not be blocked by default. i can ping all the Vms in
>that security group.
>
>i don't know why?
>
>Thanks.
>
>On 09/13/2013 02:02 AM, Michael Phillips wrote:
>> So that is definitely going to be the issue. I missed that in the 8.2.7
>>section of the install guide.
>>
>>> From: Sangeetha.Hariharan@citrix.com
>>> To: dev@cloudstack.apache.org
>>> Subject: RE: Security Groups
>>> Date: Thu, 12 Sep 2013 17:19:16 +0000
>>>
>>> If you are using Xenserver hosts , can you make sure you have the CSP
>>>packages installed?
>>>
>>> -Thanks
>>> Sangeetha
>>>
>>> -----Original Message-----
>>> From: Michael Phillips [mailto:mphilli7823@hotmail.com]
>>> Sent: Thursday, September 12, 2013 9:33 AM
>>> To: dev@cloudstack.apache.org
>>> Subject: Security Groups
>>>
>>> I posed this question in the user list, but I figured I would throw it
>>>out here as well...So If I have created a zone with the
>>>"DefaultSharedNetworkOfferingWithSGService" network offering, then
>>>created a VM using the default security group, which has 0 ingress
>>>rules, I should NOT be able to do things like PING that VM correct? The
>>>answer to the above question was answered "correct"...My next question
>>>is, in that case what are some things I could look at to see why it's
>>>not behaving as expected.
>>>   		 	   		
>>   		 	   		
>
>
>-- 
>Thanks,
>Jijun
>
>


Information in this email including any attachments may be privileged, confidential and is
intended exclusively for the addressee. The views expressed may not be official policy, but
the personal views of the originator. If you have received it in error, please notify the
sender by return e-mail and delete it from your system. You should not reproduce, distribute,
store, retransmit, use or disclose its contents to anyone. Please note we reserve the right
to monitor all e-mail communication through our internal and external networks. SKY and the
SKY marks are trademarks of British Sky Broadcasting Group plc and Sky International AG and
are used under licence. British Sky Broadcasting Limited (Registration No. 2906991), Sky-In-Home
Service Limited (Registration No. 2067075) and Sky Subscribers Services Limited (Registration
No. 2340150) are direct or indirect subsidiaries of British Sky Broadcasting Group plc (Registration
No. 2247735). All of the companies mentioned in this paragraph are incorporated in England
and Wales and share the same registered office at Grant Way, Isleworth, Middlesex TW7 5QD.



Mime
View raw message