cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nux! <>
Subject Re: egress fw problems in 4.10?
Date Fri, 17 Nov 2017 17:39:26 GMT
Thanks Jayapal,

Indeed, I checked and is not there. When I tried to add it manually I got an error:
ipset v6.12.1: The value of the CIDR parameter of the IP address is invalid

Hash:net types will not accept 0 prefix, it's happy to accept though, however I
still can't do any egress except for ICMP ping for some reason.

If I omit specifying a a dest CIDR, then I get trully unrestricted egress.

I need to investigate some more when I get time, something's fishy.

Sent from the Delta quadrant using Borg technology!


----- Original Message -----
> From: "Jayapal Uradi" <>
> To: "dev" <>
> Sent: Friday, 17 November, 2017 04:02:13
> Subject: Re: egress fw problems in 4.10?

> Hi Nux,
> I think the the ipset for destination cidr is not configured with due
> this you might see this issue.
> Please check the ipset and iptables rules once.
> iptables -L -nv
> ipset -L
> Thanks,
> Jayapal
>> On Nov 17, 2017, a t 6:55 AM, Nux! <> wrote:
>> Hi,
>> Just installed 4.10 today for a demo, but seems there are some problems with the
>> egress rules in isolated networks.
>> Is there anything wrong with this rule? ACS allows me to add it, but no outbound
>> traffic is allowed at all.
>>	All	All	All
>> If I replace with a certain IP/32, then traffic works.
>> Also, if I don't mention a destination cidr at all, outbound traffic also works,
>> but the docs state should be honoured as valid destination cidr.
>> Any ideas? I know there was recent work done on egress recently, maybe related
>> to that?
>> Lucian
>> --
>> Sent from the Delta quadrant using Borg technology!
>> Nux!
> ==========
> This e-mail may contain privileged and confidential information which is the
> property of Accelerite, a Persistent Systems business. It is intended only for
> the use of the individual or entity to which it is addressed. If you are not
> the intended recipient, you are not authorized to read, retain, copy, print,
> distribute or use this message. If you have received this communication in
> error, please notify the sender and delete all copies of this message.
> Accelerite, a Persistent Systems business does not accept any liability for
> virus infected mails.

View raw message