From: Sanjeev Neelarapu
To: "users@cloudstack.apache.org"
Subject: RE: Security Groups
Date: Thu, 19 Sep 2013 07:24:21 +0000

By default xen6.0.2 comes with openvswitch. Set it to bridge mode by using the "xe-switch-network-backend bridge" command on xenserver.

-----Original Message-----
From: Michael Phillips [mailto:mphilli7823@hotmail.com]
Sent: Thursday, September 19, 2013 10:16 AM
To: users@cloudstack.apache.org
Subject: RE: Security Groups

Sorry posted the wrong thing...please view this.
http://pastebin.com/NF28fpq7

> From: jayapalreddy.uradi@citrix.com
> To: users@cloudstack.apache.org
> Subject: Re: Security Groups
> Date: Thu, 19 Sep 2013 04:40:14 +0000
>
> There are no cloudstack configured iptables rules on your xen host.
> It seems iptables are stopped on the host?
>
> Please check if CSP is installed correctly on the host.
> Please try to force connect or host once.
>
> Thanks,
> Jayapal
>
> On 19-Sep-2013, at 9:50 AM, Michael Phillips wrote:
>
> > http://pastebin.com/xf9SBzVY
> >
> >> From: jayapalreddy.uradi@citrix.com
> >> To: users@cloudstack.apache.org
> >> Subject: Re: Security Groups
> >> Date: Thu, 19 Sep 2013 03:54:51 +0000
> >>
> >> Hi,
> >> Can you please share host 'iptables -L -nv' output on pastebin
> >>
> >> Thanks,
> >> Jayapal
> >>
> >> On 19-Sep-2013, at 8:04 AM, Michael Phillips wrote:
> >>
> >>> Having troubles getting security groups to function. My "test" environment is as follows:
> >>> Cloudstack 4.1.1 on centos6.4
> >>> Xen Server 6.0.2, CSP installed, iptables running...not sure if it needs to be but it is by default, all xen patches installed.
> >>> Primary Storage = iscsi
> >>> Secondary Storage = nfs on mgmt server
> >>> System VM's and router are running as expected.
> >>> Network = flat 192.168.50.0/24
> >>> I then create 2 instances (vm's) based on the centos5.6 template provided and assign them to the "default" security group. The instances are able to "ping" each other, and I thought the expected behavior is that they should not be able to, since the default security group has 0 ingress rules which should block all inbound traffic.
> >>> What could I be missing??
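
An offline check for the two symptoms raised in this thread (Open vSwitch backend instead of bridge, and no CloudStack rules in the `iptables -L -nv` output), added here as an example and not code from any poster or from CloudStack. The `/etc/xensource/network.conf` location and the `BRIDGE-FIREWALL` chain name are assumptions; the function names and the sample input are constructed.

```shell
# Added example, not from the thread. Assumptions: XenServer 6.x stores the
# backend name in /etc/xensource/network.conf, and CloudStack's XenServer
# plugin hooks guest filtering into FORWARD via a chain named BRIDGE-FIREWALL.

# Print the backend name stored in file $1 (first word of first non-blank line).
backend_of() {
    awk 'NF { print $1; exit }' "$1"
}

# Read `iptables -L -nv` text on stdin; print how many FORWARD rules jump to
# chain $1. Zero means bridged guest traffic is never handed to that chain.
forward_jumps_to() {
    awk -v chain="$1" '
        /^Chain / { in_fwd = ($2 == "FORWARD"); next }
        in_fwd && $1 ~ /^[0-9]/ && $3 == chain { n++ }
        END { print n + 0 }'
}

# diagnose BACKEND_FILE IPTABLES_DUMP [CHAIN]
# Returns 0 = both preconditions met, 1 = backend not bridge, 2 = no FORWARD jump.
diagnose() {
    chain=${3:-BRIDGE-FIREWALL}
    backend=$(backend_of "$1")
    if [ "$backend" != "bridge" ]; then
        echo "backend is '$backend'; run: xe-switch-network-backend bridge"
        return 1
    fi
    jumps=$(forward_jumps_to "$chain" < "$2")
    if [ "$jumps" -eq 0 ]; then
        echo "bridge backend, but FORWARD never jumps to $chain"
        return 2
    fi
    echo "bridge backend, $jumps FORWARD jump(s) to $chain"
}

# Demo on constructed input: default openvswitch backend, no rules loaded.
tmp=$(mktemp -d)
echo openvswitch > "$tmp/network.conf"
printf '%s\n' 'Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)' \
    ' pkts bytes target     prot opt in     out     source     destination' \
    > "$tmp/iptables.txt"
diagnose "$tmp/network.conf" "$tmp/iptables.txt" || echo "exit status $?"
rm -rf "$tmp"
```

On a host, save the output of `iptables -L -nv` to a file and pass it as the second argument, with the backend file as the first.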