cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Nalley <>
Subject Re: One last hurdle
Date Sun, 23 Feb 2014 06:35:58 GMT
Glad to hear you have it working.


On Sat, Feb 22, 2014 at 8:13 PM, Michael Phillips
<> wrote:
> Figured it out....
> Apparently by default outbound traffic is blocked by egress rule...implemented an egress
rule and it's working....
>> From:
>> To:
>> Subject: One last hurdle
>> Date: Sat, 22 Feb 2014 18:37:45 -0600
>> I am almost there to having a working config with advanced network on vsphere 5.1
>> So I am using a pretty basic advanced network zone using vlan for isolation. Details
are below:
>> Public range = x.x.233.0/24
>> Guest cidr =
>> VLAN range = 400-405
>> 1. I create an instance of the default centos5.3 template, choosing to create a isolated
network based on "DefaultIsolatedNetworkOfferingWithSourceNatService"
>> 2. The system spawns a system router.
>> 3. The system spawns the guest vm.
>> 4. The router is made a part of the public vlan 233 and the isolated vlan 400
>> 5. The guest vm is made a part of the isolated vlan 400.
>> 6. The router is assigned an IP address on the isolated network of The
router is able to get out to the internet fine, and is able to ping the guest instance.
>> 7. The guest is assigned an ip address on the isolated network. The guest vm is able
to ping the router
>> Network Topology would look as follows:
>> guestvm ---> system router ---> firewall ---> router ---> internet
>> Up to this point everything LOOKS guest vm is not able to get
out to the internet.
>> At first I thought my problem might be with the hop after the system router which
is my firewall. So what I did was to imitate what CS is doing, but with windows machines.
Basically I spawned two machines, one which acted as a guest vm, the other to act as a system
router. On the windows box, which I simulated the system router, I enabled routing and remote
access to enable NAT. In this configuration the guest vm was able to use the simulated system
router and browse the internet just fine. The test topology would look as follows:
>> guest vm ---> simulated router running windows and NAT ---> firewall --->
router ---> internet
>> So this leads me to believe that something is wrong with the system router and how
it is NAT'ing. Up to this point I have tried the default network service "DefaultIsolatedNetworkOfferingWithSourceNatService"
and created a new network offering using DNS,DHCP, and SourceNAT.
>> I think once I get past this hurdle I will be be good to go....any help is hugely

View raw message