I had this issue too some days ago. I solved it by logging into the Virtual Router over ssh
and adding this rule to the Firewall:
iptables -A FW_OUTBOUND -j ACCEPT
I hope this helps.
Regards
-----Original Message-----
From: Jayapal Reddy Uradi [mailto:jayapalreddy.uradi@citrix.com]
Sent: Thursday, June 27, 2013 12:37
To: <users@cloudstack.apache.org>
Subject: Re: How to create a network offering without firewall?
Is the internet accessible from the router?
If it is accessible, please send the router iptables rules on pastebin.com
Thanks,
jayapal
On 27-Jun-2013, at 3:34 PM, WXR <474745079@qq.com>
wrote:
> Sorry, the instance can access the vrouter gateway ip, but can not access the Internet.
>
>
> ------------------ Original ------------------
> From: "WXR"<474745079@qq.com>;
> Date: Thu, Jun 27, 2013 06:01 PM
> To: "users"<users@cloudstack.apache.org>;
>
> Subject: Re: How to create a network offering without firewall?
>
>
>
> I have added an egress rule like this:
> Source CIDR Protocol Start Port End Port
> 0.0.0.0/0 All All All
>
> The vrouter vm can also access the Internet.
> But the instance vm is still able to access the vrouter gateway ip and the Internet.
>
>
>
>
> ------------------ Original ------------------
> From: "Murali Reddy"<Murali.Reddy@citrix.com>;
> Date: Thu, Jun 27, 2013 05:21 PM
> To: "users@cloudstack.apache.org"<users@cloudstack.apache.org>;
>
> Subject: Re: How to create a network offering without firewall?
>
>
>
>
> Yes, egress firewall default action is 'BLOCK'. Here is a nice blog
> from Radhika
> http://writersopendiary.wordpress.com/2013/05/27/egress-firewall-rules-in-apache-cloudstack/
>
> On 27/06/13 2:21 PM, "WXR" <474745079@qq.com> wrote:
>
>> By the way, when I select the default guestnetworkwithsourceNAT and
>> create an instance, the vm can not access the Internet. Is this a
>> default setting? How can I let the vm access the Internet?
>>
>>
>>
>>
>> ------------------ Original ------------------
>> From: "Murali Reddy"<Murali.Reddy@citrix.com>;
>> Date: Thu, Jun 27, 2013 04:46 PM
>> To: "users@cloudstack.apache.org"<users@cloudstack.apache.org>;
>>
>> Subject: Re: How to create a network offering without firewall?
>>
>>
>>
>>
>> Also, by default all the ports that will be used by edge services are
>> blocked by iptable config in the router VM templates. They needed to
>> be opened explicitly with firewall rules.
>>
>> On 27/06/13 2:08 PM, "Jayapal Reddy Uradi"
>> <jayapalreddy.uradi@citrix.com>
>> wrote:
>>
>>> Without firewall provider you can't have sourceNAT and static NAT
>>> services because these services are provided by firewall provider only.
>>>
>>> Thanks,
>>> Jayapal
>>>
>>> On 27-Jun-2013, at 1:35 PM, WXR <474745079@qq.com>
>>> wrote:
>>>
>>>> If I create a new network offering and check
>>>> dns, dhcp, userdata, sourceNAT, staticNAT, not check the firewall
>>>> service. But the firewall will be added into it automatically.
>>>> I don't need the firewall service, how can I create a network
>>>> offering without firewall?
>>>
>>>
>>
>>
>
>
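A check for the rule given in the reply at the top of this thread, as an added example that is not part of the original messages: because that rule is appended with no match criteria, any packet not matched by an earlier rule in FW_OUTBOUND is accepted, and this reports whether a saved `iptables -S` listing contains such a rule. The helper name check_open_chain and both sample listings (including the interface names) are constructed for illustration; only the chain name FW_OUTBOUND comes from the thread.

```shell
#!/bin/sh
# Added example: audit an `iptables -S` listing for a blanket ACCEPT in a chain.
# check_open_chain is a hypothetical helper name; FW_OUTBOUND is the chain
# named in the thread.

# Reads `iptables -S` output on stdin.
# Returns 0 if the chain has rules but no unconditional ACCEPT,
#         1 if it has an unconditional ACCEPT,
#         2 if the listing holds no rules for the chain.
check_open_chain() {
    chain=$1
    awk -v chain="$chain" '
        $1 == "-A" && $2 == chain {
            pos++
            # A rule with no match criteria is exactly: -A <chain> -j ACCEPT
            if (NF == 4 && $3 == "-j" && $4 == "ACCEPT") {
                printf "%s: rule %d accepts all traffic that reaches it\n", chain, pos
                open = 1
            }
        }
        END {
            if (pos == 0) { printf "%s: no rules found\n", chain; exit 2 }
            if (!open) printf "%s: %d rule(s), no unconditional ACCEPT\n", chain, pos
            exit (open ? 1 : 0)
        }'
}

# Constructed sample listing (not taken from a real router).
sample_restricted() {
    cat <<'EOF'
-N FW_OUTBOUND
-A FORWARD -i eth0 -o eth2 -j FW_OUTBOUND
-A FW_OUTBOUND -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FW_OUTBOUND -p tcp -m tcp --dport 443 -j ACCEPT
EOF
}

# The same listing after the rule from the reply has been appended.
sample_opened() {
    sample_restricted
    echo "-A FW_OUTBOUND -j ACCEPT"
}

# On a live router the input would be: iptables -S | check_open_chain FW_OUTBOUND
sample_opened | check_open_chain FW_OUTBOUND || true
```
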