cloudstack-users-cn mailing list archives

From "谢福平" <754282...@qq.com>
Subject Virtual machine network unreachable
Date Tue, 29 Apr 2014 03:43:49 GMT
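Problem description:
       When a new virtual machine is created in the cluster, if the virtual machine is assigned to host A, the virtual machines already on host A can no longer be pinged;

       Then, after host A's firewall is turned off, the unreachable virtual machines can be pinged again. Once host A's firewall has come back up automatically, all the virtual machines also run normally, and the ping failure does not occur.
 The contents of the iptables file are as follows: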
[root@pcs-kvm-3 cloud]# cat /etc/sysconfig/iptables
# Generated by iptables-save v1.4.7 on Sat Apr 12 17:52:24 2014
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
# Completed on Sat Apr 12 17:52:24 2014
# Generated by iptables-save v1.4.7 on Sat Apr 12 17:52:24 2014
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill 
COMMIT
# Completed on Sat Apr 12 17:52:24 2014
# Generated by iptables-save v1.4.7 on Sat Apr 12 17:52:24 2014
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT 
-A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT 
-A INPUT -p tcp -m tcp --dport 49152:49216 -j ACCEPT 
-A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT 
-A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT 
-A INPUT -p tcp -m tcp --dport 5900:6100 -j ACCEPT 
-A INPUT -p tcp -m tcp --dport 16509 -j ACCEPT 
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT 
-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable 
-A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable 
COMMIT
# Completed on Sat Apr 12 17:52:24 2014
 [root@pcs-kvm-3 cloud]#