cloudstack-users mailing list archives

From Jeroen Keerl <jeroen.ke...@keerl-it.com>
Subject SecurityGroup - not working?
Date Wed, 21 Sep 2016 20:13:03 GMT
Hi,

I had a few things configured on ACS – Basic Zone – Security Groups.
Setup: 2 Citrix 6.5 hosts, Mgmt server under CentOS 6.8.
Basic Networking, VMs created from template, also CentOS 6.8

At first (default, first VM test) I could not log in using SSH.
Then I created the appropriate ingress rule and all was ok.
Same with ICMP (Ping) for 0.0.0.0/0
Now I wanted to test a few things in my test environment and removed these rules, actually
expecting that neither SSH nor ping would go through anymore.

Unfortunately they do, so apparently rules once set are not revoked upon deletion.
I would expect nothing to come through, if no ingress rules are set, no matter what iptables
on the VM itself does.

Tests:
- Delete all ingress rules (ping, SSH and webmin (TCP 10000))
- Disable iptables on VM
⇨ Ping, ssh went through, Webmin didn’t.
- Enable iptables on VM
⇨ Ping and ssh went through
- Insert ingress rule for webmin, iptables still enabled
⇨ Webmin times out (expected behaviour)
- Disable iptables
⇨ Webmin works

In the documentation you are pointed towards “The procedure is described in Basic Zone
Configuration in the Advanced Installation Guide.”
(Managing Networks and Traffic – Enabling Security Groups)
Searched for it on the Apache Site: Not found.
Google gave me the “Advanced Installation Guide” from Citrix, Version 3.*.* … in which
you are directed to the administration guide.
Not really helpful!

Does anybody know about this / experienced something like this before?

Jeroen Keerl


Keerl IT Services GmbH
Birkenstraße 1b . 21521 Aumühle

+49 177 6320 317

www.keerl-it.com
info@keerl-it.com

Managing Director: Jacobus J. Keerl
Registration court: Lubeck. HRB No. 14511

Our general terms and conditions can be found here.


