cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Michael Hart-Jones <mhartjo...@accessit.co.uk>
Subject Re: ICMP traffic will not traverse
Date Mon, 03 Dec 2012 12:04:56 GMT
Thanks Jayapal,
The systems are accessable on UDP and TCP protocols due to the current 
security policy.

Current rules allow traffic ingress on ports 0 - 65535 on UDP and TCP to 
0.0.0.0/0, and on the egress to, and there are no issues with this.
However the ICMP is setup with type 0 and code 0 to 0.0.0.0/0, I have 
also setup type 8 and code 0, the type and code used by ping, to 
0.0.0.0/0 but have no luck.

Any other thoughts?
---
Michael Hart-Jones BEng 		
E-Mail: mhartjones@accessit.co.uk <mailto:mhartjones@accessit.co.uk>
Tel: (01227) 750555
Fax: (01227) 750070

On 03/12/12 11:57, Jayapal Reddy Uradi wrote:
>
> You can't ping the guest VM from the public network.
>
> Adding icmp rule on public IP allows to ping only public IP but not 
> the guest VM.
>
> From cloudstack UI  you can reach the guest VM tcp/udp ports.
>
> Below are the steps to ssh to guest vm from the public network:
>
> 1.Aquire public IP  P1, on the network.
>
> 2.Add firewall rule 0.0.0.0/0 tcp 22-22
>
> 3.Add port forwarding rule with ports 22-22 and guest VM.
>
> 4.After this ssh to P1 will gives the access to guest VM.
>
> Thanks,
>
> Jayapal
>
> *From:*Michael Hart-Jones [mailto:mhartjones@accessit.co.uk]
> *Sent:* Monday, December 03, 2012 3:24 PM
> *To:* cloudstack-users@incubator.apache.org
> *Subject:* Re: ICMP traffic will not traverse
>
> Thanks for that Nik,
> I have tried that and I still get no response back.  The instances 
> have no firewall in place.
> ---
>
> Michael Hart-Jones BEng
>
> 	
>
> 	
>
> E-Mail: mhartjones@accessit.co.uk <mailto:mhartjones@accessit.co.uk>
>
> 	
>
> Tel: (01227) 750555
>
> 	
>
> Fax: (01227) 750070
>
> 	
>
> On 01/12/12 18:29, Nik Martin wrote:
>
>     On 11/26/2012 11:01 AM, Michael Hart-Jones wrote:
>
>     The Security policies in place show 0.0.0.0/0 allowing ports
>     0-65535 on UDP and TCP. I have tried to do the same thing with
>     ICMP but with no luck.
>
>     Make sure you also create a rule for cidr 0.0.0.0/0 on protocol
>     ICMP, with type 8 (echo) and code 0
>     THEN make sure the vm you are pinging is not also dropping pings
>     via some firewall rule.
>
>
>     ---
>     Michael Hart-Jones BEng
>     E-Mail: mhartjones@accessit.co.uk
>     <mailto:mhartjones@accessit.co.uk>
>     <mailto:mhartjones@accessit.co.uk> <mailto:mhartjones@accessit.co.uk>
>     Tel: (01227) 750555
>     Fax: (01227) 750070
>
>     On 26/11/12 16:57, Boylan, James wrote:
>
>
>     This is a normal behavior for VMs within an isolated basic
>     network. They don't pass any traffic except port 22 for SSH and
>     that only works if the egress rules are in place.
>
>     --James
>
>     *From:*Michael Hart-Jones [mailto:mhartjones@accessit.co.uk]
>     *Sent:* Monday, November 26, 2012 10:50 AM
>     *To:* cloudstack-users@incubator.apache.org
>     <mailto:cloudstack-users@incubator.apache.org>
>     *Subject:* ICMP traffic will not traverse
>
>     I am having an issue with my servers. The setup is as follows
>
>     _Management Server, Host1 and Host2_
>     Centos 6.2
>     Cloudstack 3.0.2
>
>     The server was setup by a collegue who has left since but I have
>     noticed that we do not have the ability to send ICMP traffic to
>     our virtualised hosts, prime example being ping.
>     I can see he has setup basic networking, and I do not have the
>     time to try and change this over. I have tried to setup the
>     security policies to allow it but I cannot get any response. Has
>     anyone got any ideas where I should start looking?
>
>     ---
>
>     Michael Hart-Jones BEng
>
>
>
>
>
>     E-Mail: mhartjones@accessit.co.uk
>     <mailto:mhartjones@accessit.co.uk>
>     <mailto:mhartjones@accessit.co.uk> <mailto:mhartjones@accessit.co.uk>
>
>
>
>     Tel: (01227) 750555
>
>
>
>     Fax: (01227) 750070
>
>
>
>
>
>     ------------------------------------------------------------------------
>
>
>     *************************************************************************************************
>
>     Disclaimer: This message may only be read in context and with
>     common sense.
>     If concerned by it or in doubt, please destroy it. If this message
>     is not meant for you,
>     we have made a mistake and would appreciate your help. We promise
>     that we mean
>     no offence and will endeavour to rectify our mistake.
>
>     Our full contact details can be found on www.accessit.co.uk
>     <http://www.accessit.co.uk> <http://www.accessit.co.uk>
>     <http://www.accessit.co.uk>
>
>     Company number: 3117204
>     *************************************************************************************************
>
>
>
>
>
>     ------------------------------------------------------------------------
>
>     *************************************************************************************************
>
>     Disclaimer: This message may only be read in context and with
>     common sense.
>     If concerned by it or in doubt, please destroy it. If this message
>     is not meant for you,
>     we have made a mistake and would appreciate your help. We promise
>     that we mean
>     no offence and will endeavour to rectify our mistake.
>
>     Our full contact details can be found on www.accessit.co.uk
>     <http://www.accessit.co.uk>
>
>     Company number: 3117204
>     *************************************************************************************************
>
>
>
>
> ------------------------------------------------------------------------
>
> *************************************************************************************************
> Disclaimer: This message may only be read in context and with common sense. 
>
> If concerned by it or in doubt, please destroy it. If this message is not meant for you,

>
> we have made a mistake and would appreciate your help. We promise that we mean 
>
> no offence and will endeavour to rectify our mistake.
>
> Our full contact details can be found on www.accessit.co.uk 
> <http://www.accessit.co.uk>
>
> Company number: 3117204
> *************************************************************************************************
>



*************************************************************************************************
Disclaimer: This message may only be read in context and with common sense. 
If concerned by it or in doubt, please destroy it. If this message is not meant for you, 
we have made a mistake and would appreciate your help. We promise that we mean 
no offence and will endeavour to rectify our mistake. 

Our full contact details can be found on www.accessit.co.uk

Company number: 3117204
*************************************************************************************************

Mime
View raw message