cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Suresh Sadhu <Suresh.Sa...@citrix.com>
Subject RE: Cloudstack 4.3 instances can't access outside world
Date Thu, 10 Apr 2014 14:21:22 GMT
Ok  then work around is manually append rule to cloudbr1 . 

Take the backup of iptables rules 
Manfully detach the eth interface from  cloudbr0  and attach to cloudbr1
Apply the all exiting  firewall  rules manually on the interface gain


After that your VMs will access the public network.


Regards
Sadhu



-----Original Message-----
From: motty cruz [mailto:motty.cruz@gmail.com] 
Sent: 10 April 2014 19:40
To: users@cloudstack.apache.org
Subject: Re: Cloudstack 4.3 instances can't access outside world

yes, I'm am using traffic labels, everything was working fine before the upgrade to 4.3. did
not change anything on the cloudbr0 or cloudbr1.


On Thu, Apr 10, 2014 at 7:05 AM, Suresh Sadhu <Suresh.Sadhu@citrix.com>wrote:

> Did you used traffic name labels?
>
> In 4.3 traffic labels are not considering ,by default its attaching to 
> default  traffic labels(eg:in KVM its cloudbr0 ...due to this unable 
> to access public network i.r before upgrade if ieth2 attached cloudbr1 
> and after upgrade its attached to cloudbr0).maybe you are hitting this issue.
>
> Regards
> sadhu
>
>
> -----Original Message-----
> From: motty cruz [mailto:motty.cruz@gmail.com]
> Sent: 10 April 2014 19:28
> To: users@cloudstack.apache.org
> Subject: Re: Cloudstack 4.3 instances can't access outside world
>
> yes I can ping VR, also after the upgrade VR has four insterfaces, 
> eth0 subnet for Instances, eth1, eth2 for public IP and eth3 for public IP.
>
>
> On Wed, Apr 9, 2014 at 10:35 PM, Erik Weber <terbolous@gmail.com> wrote:
>
> > Can you ping the VR? Log on to the VR, and get the iptables rules. 
> > How do they look?
> >
> > Erik Weber
> > 10. apr. 2014 00:21 skrev "motty cruz" <motty.cruz@gmail.com> følgende:
> >
> > > I did add egress rules, reboot network but no sucess, so I removed 
> > > that rules and nothing.
> > >
> > > I am lost.
> > >
> > >
> > > On Wed, Apr 9, 2014 at 9:08 AM, Erik Weber <terbolous@gmail.com>
> wrote:
> > >
> > > > Did you remove the egress rule again? If not, try that.
> > > >
> > > > Erik
> > > > 9. apr. 2014 15:49 skrev "motty cruz" <motty.cruz@gmail.com>
> følgende:
> > > >
> > > > > yes I try adding the rule, restart network and router but no
> success!
> > > > >
> > > > >
> > > > > On Tue, Apr 8, 2014 at 11:16 PM, Erik Weber 
> > > > > <terbolous@gmail.com>
> > > wrote:
> > > > >
> > > > > > Try adding an egress rule, and removing it again.
> > > > > >
> > > > > > We experience the same, but has so far believed it was 
> > > > > > because we
> > > > changed
> > > > > > the default rule from deny to allow after accounts were made..
> > > > > >
> > > > > >
> > > > > > On Tue, Apr 8, 2014 at 11:14 PM, motty cruz 
> > > > > > <motty.cruz@gmail.com>
> > > > > wrote:
> > > > > >
> > > > > > > I have two isolated network both virtual routers can ping
> > anywhere,
> > > > but
> > > > > > the
> > > > > > > Instances behind the virtual router can't ping or access

> > > > > > > the
> > > > internet.
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > On Tue, Apr 8, 2014 at 10:38 AM, motty cruz <
> > motty.cruz@gmail.com>
> > > > > > wrote:
> > > > > > >
> > > > > > > > Hello,
> > > > > > > > I'm having issues with VMs unable to access outside
world.
> > > > > > > > I
> > can
> > > > ping
> > > > > > > > gateway, also when I log in to virtual router, I am
able 
> > > > > > > > to
> > ping
> > > > > > > > google.com or anywhere.
> > > > > > > > in the Egress rules I am allowing all. reboot network

> > > > > > > > and
> > virtual
> > > > > > router
> > > > > > > > does not help.
> > > > > > > >
> > > > > > > > VMs were able to access outside before upgrading from

> > > > > > > > 4.2 to
> > 4.3.
> > > > > > > >
> > > > > > > > any ideas?
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
>

Mime
View raw message