cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dag Sonstebo <Dag.Sonst...@shapeblue.com>
Subject Re: AW: Firewall on xenserver
Date Mon, 21 Nov 2016 13:35:03 GMT
Hi Jeroen,

Fair enough – happy to stand corrected if this is the case. If you can trace this back to
a specific XS patch could you log a Jira ticket for it and provide details?

Regards,
Dag Sonstebo
Cloud Architect
ShapeBlue

From: Jeroen Keerl <jeroen.keerl@keerl-it.com>
Reply-To: "users@cloudstack.apache.org" <users@cloudstack.apache.org>, "jeroen.keerl@keerl-it.com"
<jeroen.keerl@keerl-it.com>
Date: Monday, 21 November 2016 at 13:27
To: "users@cloudstack.apache.org" <users@cloudstack.apache.org>
Subject: AW: Firewall on xenserver

Hi Dag,

I've spent the last weeks doing some testing with CS4.9 and Xen 6.5 and I did not have this
issue before.
Only the last two tests (yesterday and last week) this behaviour popped up, both with clean
Xen installations.

Looking though the last hotfixes, this one might be the culprit, although this is rather a
gut feeling.


Dag.Sonstebo@shapeblue.com 
www.shapeblue.com
53 Chandos Place, Covent Garden, London  WC2N 4HSUK
@shapeblue
  
 


-----Ursprüngliche Nachricht-----
Von: Dag Sonstebo [mailto:Dag.Sonstebo@shapeblue.com<mailto:Dag.Sonstebo@shapeblue.com>]
Gesendet: Montag, 21. November 2016 10:53
An: users@cloudstack.apache.org<mailto:users@cloudstack.apache.org>
Betreff: Re: Firewall on xenserver

Hi Ghait,

This doesn’t sound like normal behavior for XenServer 6.5 under CloudStack – I’m not
aware of any issues requiring the XS firewall to be modified.

I would suggest rebuilding your hosts and re-add to CloudStack. With regards to OpenManage
– I can see this does require some tweaking of firewalls (http://blog.hostduplex.com/2015/01/31/install-dell-openmanage-xenserver-6-5/
) – but even this doesn’t require you to disable the firewall (this blog post suggests
just adding a rule and restarting iptables).

All in all my advice would be to troubleshoot and fix the underlying issue rather than disabling
iptables – which could be a potential security issue.

Regards,
Dag Sonstebo
Cloud Architect
ShapeBlue

On 21/11/2016, 09:39, "Ghaith Bannoura" <gbannoura@etq.com<mailto:gbannoura@etq.com>>
wrote:

    The purpose for it as below :

    1-the system VMs agent showing not running , after I stopped the firewall in xenservers
its working normally
    2-the instances accessible only when I stop the iptables from xenservers
    2- I installed open manage in the servers (Manage hardware for Dell servers) that need
changes from iptables )

    I have advanced zone with ACS 4.8 and xenserver 6.5

    Best Regards,
    EtQ, Inc.
    Ghaith Bannoura
    Senior System Administrator
    MCT, MCSE (Messaging, Server Infrastructure)
    MCSA (Windows Server 2008, 2012), MCP

       Phone: +9626-537-0923 Ext. 376
    P  Gbannoura@etq.com<mailto:Gbannoura@etq.com>
    G   http://www.etq.com

    -----Original Message-----
    From: Dag Sonstebo [mailto:Dag.Sonstebo@shapeblue.com<mailto:Dag.Sonstebo@shapeblue.com>]
    Sent: Monday, November 21, 2016 11:05 AM
    To: users@cloudstack.apache.org<mailto:users@cloudstack.apache.org>
    Subject: Re: Firewall on xenserver

    Hi Ghait,

    Can you explain your rationale  - i.e. what is the purpose of you changing XenServer firewall
rules?

    Citrix seems to have a how-to article on https://support.citrix.com/article/CTX123930
.

    Regards,
    Dag Sonstebo
    Cloud Architect
    ShapeBlue

    On 21/11/2016, 08:14, "Ghaith Bannoura" <gbannoura@etq.com<mailto:gbannoura@etq.com>>
wrote:

        Hello All,

        I have ACS 4.8 with xenserver 6.5 I modified the iptables in xenserver and its returned
back as default , also I stopped the iptables many times and its returned running again .

        Can you please advice where I can modify iptables permanently in xenserver .

        Best Regards,
        EtQ, Inc.
        Ghaith Bannoura
        Senior System Administrator
        MCT, MCSE (Messaging, Server Infrastructure)
        MCSA (Windows Server 2008, 2012), MCP

        *  Phone: +9626-537-0923 Ext. 376
        *  Gbannoura@etq.com<mailto:Gbannoura@etq.com> <mailto:Mal-Khayyat@etq.com<mailto:Mal-Khayyat@etq.com>>
        *   http://www.etq.com<http://www.etq.com/>




    Dag.Sonstebo@shapeblue.com<mailto:Dag.Sonstebo@shapeblue.com>
    www.shapeblue.com<http://www.shapeblue.com>
    53 Chandos Place, Covent Garden, London  WC2N 4HSUK @shapeblue






Dag.Sonstebo@shapeblue.com<mailto:Dag.Sonstebo@shapeblue.com>
www.shapeblue.com<http://www.shapeblue.com>
53 Chandos Place, Covent Garden, London  WC2N 4HSUK @shapeblue





Jeroen Keerl

Keerl IT Services GmbH
Birkenstraße 1b . 21521 Aumühle

+49 177 6320 317

www.keerl-it.com<http://www.keerl-it.com/>
info@keerl-it.com<mailto:info@keerl-it.com>

Geschäftsführer. Jacobus J. Keerl
Registergericht Lubeck. HRB-Nr. 14511

Unsere Allgemeine Geschäftsbedingungen finden Sie hier.<http://www.keerl-it.com/AGB.pdf>

[cid:d3544f14.06fb964e.PNG.2d8c1e66]


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message