Return-Path: X-Original-To: apmail-cloudstack-users-archive@www.apache.org Delivered-To: apmail-cloudstack-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 9F9E6CE14 for ; Thu, 13 Nov 2014 17:17:27 +0000 (UTC) Received: (qmail 48560 invoked by uid 500); 13 Nov 2014 17:17:26 -0000 Delivered-To: apmail-cloudstack-users-archive@cloudstack.apache.org Received: (qmail 48514 invoked by uid 500); 13 Nov 2014 17:17:26 -0000 Mailing-List: contact users-help@cloudstack.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: users@cloudstack.apache.org Delivered-To: mailing list users@cloudstack.apache.org Received: (qmail 48503 invoked by uid 99); 13 Nov 2014 17:17:26 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 13 Nov 2014 17:17:26 +0000 X-ASF-Spam-Status: No, hits=1.5 required=5.0 tests=HTML_MESSAGE,HTML_OBFUSCATE_05_10,RCVD_IN_DNSWL_LOW X-Spam-Check-By: apache.org Received-SPF: unknown (athena.apache.org: error in processing during lookup of pdion@cloudops.com) Received: from [209.85.213.176] (HELO mail-ig0-f176.google.com) (209.85.213.176) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 13 Nov 2014 17:17:22 +0000 Received: by mail-ig0-f176.google.com with SMTP id l13so27179iga.15 for ; Thu, 13 Nov 2014 09:15:51 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:content-type; bh=3DBXDy13Rwvt6or+46D7x+iIdT95gZwkqLO8k2XrgYI=; b=T5weEJMyUocYP90mkAxS2xPePqbKgunGcf/2qSCWrlO4yMdgcI6kpuPyECEcuBuD+Y fxK8YkjRX4LO9YIG3zknLDa1WEKpZrw19P9NeyJ20qeGDoK7Nv9M1zxxNahfkocU9OVP kDkvpoIeLElZtUDR3EDkCj7dWvme0g79VmKjDOHRMUVvWNQWvgrrsJyAO4zHrBQV4b13 jg0jj08f97F9N+1FseVIMlNIekB8ZSpUNtg94fvyZNaYUX/Jtd2OfhFVc4nXcUo06yft XoUf9BaEukq6WyMZkjdHsgK9q/8ulZ9GOK39A2uJGeL8PvG4DoOnwYANJrVofljVHtYk 5CpQ== X-Gm-Message-State: ALoCoQm6kzetCn0iJrXxOWRdVVeZ4WF5G+n4GkOriBzsccW1iwD9Tb9HdSY6TMcGddPsccr6ptmP MIME-Version: 1.0 X-Received: by 10.107.28.131 with SMTP id c125mr4139769ioc.29.1415898951236; Thu, 13 Nov 2014 09:15:51 -0800 (PST) Received: by 10.50.93.67 with HTTP; Thu, 13 Nov 2014 09:15:51 -0800 (PST) In-Reply-To: References: Date: Thu, 13 Nov 2014 12:15:51 -0500 Message-ID: Subject: Re: [ACS430] Instances / network unable to access external network until an egress rule has been applied From: Pierre-Luc Dion To: "users@cloudstack.apache.org" Content-Type: multipart/alternative; boundary=001a113fddfa06f6d00507c0aabe X-Virus-Checked: Checked by ClamAV on apache.org --001a113fddfa06f6d00507c0aabe Content-Type: text/plain; charset=UTF-8 Hi Erik, I've experiance similar behavior, but in my case, doing a stop/start from CloudStack of VR did solve the problem. I'm still not sure if rebooting the VR via SSH instead of using CloudStack API was root cause of the problem. *Pierre-Luc DION* Architecte de Solution Cloud | Cloud Solutions Architect t 855.652.5683 *CloudOps* Votre partenaire infonuagique* | *Cloud Solutions Experts 420 rue Guy *|* Montreal *|* Quebec *|* H3J 1S6 w cloudops.com *|* tw @CloudOps_ On Tue, Nov 11, 2014 at 4:54 PM, Erik Weber wrote: > I'm trying to find out if a bug we experience is known and fixed in a later > version or not. > > We're running ACS/CCP 4.3.0 on XenServer 6.2, with advanced networking > (VLAN isolated). > > The problem is that whenever a network is created or restarted it won't > allow external access before an egress rule has been applied and deleted > again. > > I suspect this is because of wrong iptables rules being applied on startup, > and that the rule addition/removal reconfigures it to be correct. > > I've done some initial searching in jira, but not found anything. > > Has anyone experienced anything like this, or are able to find any > commits/issues that matches this issue? > > > -- > Erik > --001a113fddfa06f6d00507c0aabe--