Return-Path: X-Original-To: apmail-cloudstack-users-archive@www.apache.org Delivered-To: apmail-cloudstack-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 2B2B819AF6 for ; Tue, 5 Apr 2016 12:37:05 +0000 (UTC) Received: (qmail 8867 invoked by uid 500); 5 Apr 2016 12:37:04 -0000 Delivered-To: apmail-cloudstack-users-archive@cloudstack.apache.org Received: (qmail 8814 invoked by uid 500); 5 Apr 2016 12:37:04 -0000 Mailing-List: contact users-help@cloudstack.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: users@cloudstack.apache.org Delivered-To: mailing list users@cloudstack.apache.org Received: (qmail 8802 invoked by uid 99); 5 Apr 2016 12:37:04 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd1-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 05 Apr 2016 12:37:04 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd1-us-west.apache.org (ASF Mail Server at spamd1-us-west.apache.org) with ESMTP id CE093C7C75 for ; Tue, 5 Apr 2016 12:37:03 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd1-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 1.179 X-Spam-Level: * X-Spam-Status: No, score=1.179 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=2, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=disabled Authentication-Results: spamd1-us-west.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mx1-lw-us.apache.org ([10.40.0.8]) by localhost (spamd1-us-west.apache.org [10.40.0.7]) (amavisd-new, port 10024) with ESMTP id q72-H4W2_p4g for ; Tue, 5 Apr 2016 12:37:02 +0000 (UTC) Received: from mail-ig0-f181.google.com (mail-ig0-f181.google.com [209.85.213.181]) by mx1-lw-us.apache.org (ASF Mail Server at mx1-lw-us.apache.org) with ESMTPS id B9EAA5FAF5 for ; Tue, 5 Apr 2016 12:37:01 +0000 (UTC) Received: by mail-ig0-f181.google.com with SMTP id gy3so53551892igb.0 for ; Tue, 05 Apr 2016 05:37:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=//WseEatT6ftl1zhlW5skY2ohfaHrDlbEcvl+SsTaY0=; b=dpbkGev3Wf9iGsATXYoVAqzQdNgT9eMKge4EvCVCCkKPvl3nCrgzj5FO2D7/E2j7UX Mw8ePSIRZbCY0qmNiZxzUtk803Np/Ziddzr3yIdBituwx3RsZN8UvPMIfIbsItAsOSSf ABkFMIWwli/eG3NxfbVmaMSBLRYsMtvOmjlxlsodU0J8uRH5WEIXB9jRHoFp7AXQLkJP /sFCACcGgITo05k0RldktslpiB055DMPeV8wQLPhq0rKOiJTeM0V6j3V81MG7zR920D7 qYygDxycHd/u94oHthGTZhDF5DAUu4BcV5a8k1q0uF8PuZiDyFvk1pw4vcFB8aV5XUWe /vXg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=//WseEatT6ftl1zhlW5skY2ohfaHrDlbEcvl+SsTaY0=; b=MA0odm7H24Xg7Ea3tcvSjlDiO5qmrM8kTHUN99a2DMfy0AuuTAlHB4NBQu9+BBmpz4 TI1bAIg+SpxsBYA9Gq8d/GfhbpI9NCf958BsDA1Smo8/DA0hxd+89Ug9zODviIzVmPvH VGeTaN2jxegm3QgUBx5ijXKKobP92/ItNEEf2oJTuvMzOJgdpIPlt28eOjHgr+eRNyvr fRjDTbQw32Qohntq7cbQCHqJbNJqtaaIyF6oms9O+CbGxSnnvlHeG1f7dObcLMwYFJ+q i0q1cKUBSWtEZtkU9XcTYk06CqjD4ZB5rdxELq+G8ZEO7BOGKVQfCh5hS0MI9EQHS/tI Nmpg== X-Gm-Message-State: AD7BkJLiE7U2FWI/2OxExe/LN9R2aRLLBtX+H8qRTcRIMjDL2jxJgAthmEQAL3eHwLMbFdq+GUTEOSF8mSKWRQ== X-Received: by 10.50.43.129 with SMTP id w1mr17123238igl.47.1459859821052; Tue, 05 Apr 2016 05:37:01 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Syafiq Rokman Date: Tue, 05 Apr 2016 12:36:51 +0000 Message-ID: Subject: Re: SSVM cant route to MS, Iptables keep self-updating To: "users@cloudstack.apache.org" Content-Type: multipart/alternative; boundary=089e0103e3660e5972052fbc1a93 --089e0103e3660e5972052fbc1a93 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable I've checked the host iptables just now...there were rules accomodating the SSVM and CPVM. But I've made the mistake of flushing the iptables rules without any backup= . Now Iptables -P, -L has: -P INPUT ACCEPT -P FORWARD ACCEPT -P OUTPUT ACCEPT -A INPUT -j ACCEPT -A INPUT -j ACCEPT -A FORWARD -j ACCEPT -A OUTPUT -j ACCEPT Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere Chain FORWARD (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere anywhere Chain OUTPUT (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere anywhere One more thing, this setup is self-hosted.The MS and host are on the same machine. On Tue, Apr 5, 2016 at 8:22 PM Rafael Weing=C3=A4rtner < rafaelweingartner@gmail.com> wrote: > Those rules should not block the "ping" comand, hence they are meant to > block "http" right? > > > I have been having the same problem lately with XenServer. > > The iptables rules that are rejecting my traffic are at the host itself. > > Can you check your host iptables configs? > > On Tue, Apr 5, 2016 at 3:42 AM, Syafiq Rokman > wrote: > > > Hi, > > > > Can't ping the default gateway of the SSVM or 8.8.8.8 from the SSVM. > > I'm using KVM as hypervisor. > > > > Tried changing iptables rules on SSVM using > > > > iptables -F > > iptables -X > > iptables -t nat -F > > iptables -t nat -X > > iptables -t mangle -F > > iptables -t mangle -X > > iptables -P INPUT ACCEPT > > iptables -P FORWARD ACCEPT > > iptables -P OUTPUT ACCEPT > > > > to allow all connections, but keep getting this at Chain OUTPUT: > > > > REJECT tcp -- anywhere anywhere state NEW > tcp > > dpt:http reject-with icmp-port-unreachable > > REJECT tcp -- anywhere anywhere state NEW > tcp > > dpt:https reject-with icmp-port-unreachable > > > > > > > > On Mon, Apr 4, 2016 at 6:49 PM Rafael Weing=C3=A4rtner < > > rafaelweingartner@gmail.com> wrote: > > > > > What hypervisor are you using? > > > Did change the iptables rules at the SSVM itself? > > > > > > On Mon, Apr 4, 2016 at 6:50 AM, Glenn Wagner < > glenn.wagner@shapeblue.com > > > > > > wrote: > > > > > > > Hi, > > > > > > > > Can you ping the default gateway of the SSVM? > > > > Can you ping google DNS 8.8.8.8 from the SSVM? > > > > > > > > Thanks > > > > Glenn > > > > > > > > > > > > Regards, > > > > > > > > Glenn Wagner > > > > > > > > glenn.wagner@shapeblue.com > > > > www.shapeblue.com > > > > 2nd Floor, Oudehuis Centre, 122 Main Rd, Somerset West, Cape Town > > > > 7130South Africa > > > > @shapeblue > > > > > > > > -----Original Message----- > > > > From: Syafiq Rokman [mailto:msyafiq.rokman@gmail.com] > > > > Sent: Monday, 04 April 2016 11:16 AM > > > > To: users@cloudstack.apache.org > > > > Subject: SSVM cant route to MS, Iptables keep self-updating > > > > > > > > Hi everyone! > > > > > > > > Im running CS 4.8 on Ubuntu 14.04 LTS. > > > > > > > > So I've managed to set up everything, but I still cant install > > templates. > > > > So I SSH-ed into the SSVM and ran the healthcheck and it seems that > the > > > > SSVM can't connect to the DNS. > > > > > > > > Logs says that it can't route to host. > > > > > > > > So I've tried to allow all outgoing/incoming connections on Iptable= s, > > but > > > > it keeps changing back to deny outgoing connections. > > > > > > > > Any ideas on how to proceed? > > > > > > > > Will provide logs if anyone needs it. > > > > > > > > Thanks > > > > Syafiq Rokman > > > > B.ICT Student > > > > > > > > > > > > > > > > -- > > > Rafael Weing=C3=A4rtner > > > > > > > > > -- > Rafael Weing=C3=A4rtner > --=20 Syafiq Rokman B. ICT Student Universiti Teknologi PETRONAS --089e0103e3660e5972052fbc1a93--