cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jayapal Reddy Uradi <jayapalreddy.ur...@citrix.com>
Subject RE: ICMP traffic will not traverse
Date Mon, 03 Dec 2012 11:57:25 GMT
You can't ping the guest VM from the public network.
Adding icmp rule on public IP allows to ping only public IP but not the guest VM.

>From cloudstack UI  you can reach the guest VM tcp/udp ports.
Below are the steps to ssh to guest vm from the public network:

1.       Aquire public IP  P1, on the network.

2.       Add firewall rule 0.0.0.0/0 tcp 22-22

3.       Add port forwarding rule with ports 22-22 and guest VM.

4.       After this ssh to P1 will gives the access to guest VM.
Thanks,
Jayapal

From: Michael Hart-Jones [mailto:mhartjones@accessit.co.uk]
Sent: Monday, December 03, 2012 3:24 PM
To: cloudstack-users@incubator.apache.org
Subject: Re: ICMP traffic will not traverse

Thanks for that Nik,
I have tried that and I still get no response back.  The instances have no firewall in place.
---
Michael Hart-Jones BEng



[cid:image001.png@01CDD17B.737F2F30]

E-Mail: mhartjones@accessit.co.uk<mailto:mhartjones@accessit.co.uk>

Tel: (01227) 750555

Fax: (01227) 750070

[cid:image002.png@01CDD17B.737F2F30]
On 01/12/12 18:29, Nik Martin wrote:
On 11/26/2012 11:01 AM, Michael Hart-Jones wrote:

The Security policies in place show 0.0.0.0/0 allowing ports 0-65535 on UDP and TCP. I have
tried to do the same thing with ICMP but with no luck.
Make sure you also create a rule for cidr 0.0.0.0/0 on protocol ICMP, with type 8 (echo) and
code 0
THEN make sure the vm you are pinging is not also dropping pings via some firewall rule.


---
Michael Hart-Jones BEng
E-Mail: mhartjones@accessit.co.uk<mailto:mhartjones@accessit.co.uk> <mailto:mhartjones@accessit.co.uk><mailto:mhartjones@accessit.co.uk>
Tel: (01227) 750555
Fax: (01227) 750070

On 26/11/12 16:57, Boylan, James wrote:


This is a normal behavior for VMs within an isolated basic network. They don't pass any traffic
except port 22 for SSH and that only works if the egress rules are in place.

--James

*From:*Michael Hart-Jones [mailto:mhartjones@accessit.co.uk]
*Sent:* Monday, November 26, 2012 10:50 AM
*To:* cloudstack-users@incubator.apache.org<mailto:cloudstack-users@incubator.apache.org>
*Subject:* ICMP traffic will not traverse

I am having an issue with my servers. The setup is as follows

_Management Server, Host1 and Host2_
Centos 6.2
Cloudstack 3.0.2

The server was setup by a collegue who has left since but I have noticed that we do not have
the ability to send ICMP traffic to our virtualised hosts, prime example being ping.
I can see he has setup basic networking, and I do not have the time to try and change this
over. I have tried to setup the security policies to allow it but I cannot get any response.
Has anyone got any ideas where I should start looking?

---

Michael Hart-Jones BEng





E-Mail: mhartjones@accessit.co.uk<mailto:mhartjones@accessit.co.uk> <mailto:mhartjones@accessit.co.uk><mailto:mhartjones@accessit.co.uk>



Tel: (01227) 750555



Fax: (01227) 750070





------------------------------------------------------------------------

*************************************************************************************************
Disclaimer: This message may only be read in context and with common sense.
If concerned by it or in doubt, please destroy it. If this message is not meant for you,
we have made a mistake and would appreciate your help. We promise that we mean
no offence and will endeavour to rectify our mistake.

Our full contact details can be found on www.accessit.co.uk<http://www.accessit.co.uk>
<http://www.accessit.co.uk><http://www.accessit.co.uk>

Company number: 3117204
*************************************************************************************************



------------------------------------------------------------------------
*************************************************************************************************
Disclaimer: This message may only be read in context and with common sense.
If concerned by it or in doubt, please destroy it. If this message is not meant for you,
we have made a mistake and would appreciate your help. We promise that we mean
no offence and will endeavour to rectify our mistake.

Our full contact details can be found on www.accessit.co.uk<http://www.accessit.co.uk>

Company number: 3117204
*************************************************************************************************



________________________________
*************************************************************************************************
Disclaimer: This message may only be read in context and with common sense.
If concerned by it or in doubt, please destroy it. If this message is not meant for you,
we have made a mistake and would appreciate your help. We promise that we mean
no offence and will endeavour to rectify our mistake.

Our full contact details can be found on www.accessit.co.uk<http://www.accessit.co.uk>

Company number: 3117204
*************************************************************************************************

Mime
  • Unnamed multipart/related (inline, None, 0 bytes)
View raw message