cloudstack-users mailing list archives

From Jeroen Keerl <jeroen.ke...@keerl-it.com>
Subject AW: SecurityGroup - not working?
Date Thu, 22 Sep 2016 07:08:01 GMT
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head>
<body>
<div>Hi Vivek,</div><div><br></div><div>I'll check the
sysctl settings again tonight, but I am quite sure I set those correctly.</div><div>Everything
else was done "by the book".</div><div><br></div><div>Cheers</div><div>JK</div><div><br></div><div><br></div><div><br></div><div
id="composer_signature"><div style="font-size:85%;color:#575757">Sent from my Samsung
Galaxy smartphone.</div></div><div><br></div><div><br></div><!--
originalMessage --><div>-------- Original message --------</div><div>From:
Vivek Kumar &lt;vivek.kumar@indiqus.com&gt; </div><div>Date: 22.09.2016
 08:14  (GMT+01:00) </div><div>To: users@cloudstack.apache.org, jeroen.keerl@keerl-it.com
</div><div>Subject: Re: SecurityGroup - not working? </div><div><br></div><div
dir="ltr">Hello Jeroen,<div><br></div><div>When you set up a basic
zone in CloudStack with XenServer, you need to change a few things on your XenServer.</div><div><br></div><div>1- <strong
style="margin:0px;padding:0px;border:0px;color:rgb(95,97,102);font-family:citrixsans-light;font-size:16px">xe-switch-network-backend
bridge</strong> (I hope you have already done this).</div><div>2- And you
also need to make some changes in the sysctl conf file for security groups.</div><div><br></div><div>Make
the changes below in /etc/sysctl.conf on XenServer:</div><div><br></div><div><div>net.bridge.bridge-nf-call-iptables
= 1</div><div>net.bridge.bridge-nf-call-ip6tables = 0</div><div>net.bridge.bridge-nf-call-arptables
= 1</div><div><br></div><div>and run this command </div><div><br></div><div>#
sysctl -p /etc/sysctl.conf<br></div></div><div><br></div><div>I
hope this will work. </div><div><p style="font-size:12.8px"><b><span
style="font-family:&quot;trebuchet ms&quot;,sans-serif">Vivek Kumar</span></b><span
style="font-family:arial,sans-serif"><br></span><span style="font-size:10pt;font-family:&quot;trebuchet
ms&quot;,sans-serif;color:rgb(102,102,102)">Virtualization and Cloud Consultant</span><span
style="font-family:arial,sans-serif"><u></u><u></u></span></p><p
style="font-size:12.8px"><span style="font-size:6.5pt;font-family:helvetica,sans-serif;color:black"><a
href="http://www.indiqus.com/" target="_blank"><span style="text-decoration:none"><img
border="0" width="120" height="30" src="cid:image001.jpg@01D11715.475A5730" alt="http://www.indiqus.com/images/logo.jpg"></span> </a><br></span><b><span
style="font-size:6.5pt;font-family:&quot;trebuchet ms&quot;,sans-serif;color:rgb(237,28,36)">I</span></b><span
style="font-size:10pt;font-family:&quot;trebuchet ms&quot;,sans-serif;color:rgb(102,102,102)">ndi</span><b><span
style="font-size:6.5pt;font-family:&quot;trebuchet ms&quot;,sans-serif;color:rgb(237,28,36)">Q</span></b><span
style="font-size:10pt;font-family:&quot;trebuchet ms&quot;,sans-serif;color:rgb(102,102,102)">us
Technologies Pvt Ltd</span><span style="font-size:6.5pt;font-family:helvetica,sans-serif;color:black"> </span><span
style="font-size:6.5pt;font-family:helvetica,sans-serif;color:rgb(80,0,80)"><br></span><span
style="font-size:10pt;font-family:&quot;trebuchet ms&quot;,sans-serif;color:rgb(102,102,102)">A-98,
LGF, C.R.Park, New Delhi - 110019</span><span style="font-size:6.5pt;font-family:helvetica,sans-serif;color:rgb(80,0,80)"> <br></span><b><span
style="font-size:10pt;font-family:&quot;trebuchet ms&quot;,sans-serif;color:rgb(237,28,36)">O</span></b><span
style="font-size:10pt;font-family:&quot;trebuchet ms&quot;,sans-serif;color:rgb(237,28,36)"> </span><span
style="font-size:10pt;font-family:&quot;trebuchet ms&quot;,sans-serif;color:rgb(102,102,102)">+91
11 4055 1411</span><span style="font-size:6.5pt;font-family:helvetica,sans-serif;color:black"> </span><span
style="font-family:&quot;trebuchet ms&quot;,sans-serif;color:rgb(204,204,204)">|</span><span
style="font-size:6.5pt;font-family:helvetica,sans-serif;color:black"> </span><b><span
style="font-size:10pt;font-family:&quot;trebuchet ms&quot;,sans-serif;color:rgb(237,28,36)">M</span></b><span
style="font-size:10pt;font-family:&quot;trebuchet ms&quot;,sans-serif;color:rgb(237,28,36)"> </span><span
style="font-size:10pt;font-family:&quot;trebuchet ms&quot;,sans-serif;color:rgb(102,102,102)">+91
7503460090</span><span style="font-size:6.5pt;font-family:helvetica,sans-serif;color:black"> </span><span
style="font-size:6.5pt;font-family:helvetica,sans-serif;color:rgb(80,0,80)"><br><a
href="http://www.indiqus.com/" target="_blank"><span style="font-size:10pt;font-family:&quot;trebuchet
ms&quot;,sans-serif;color:rgb(102,102,102)">www.indiqus.com</span> </a></span></p></div><div><br></div><div><br></div><div
class="gmail_extra"><br><div class="gmail_quote">On Thu, Sep 22, 2016 at 1:43
AM, Jeroen Keerl <span dir="ltr">&lt;<a href="mailto:jeroen.keerl@keerl-it.com"
target="_blank">jeroen.keerl@keerl-it.com</a>&gt;</span> wrote:<br><blockquote
class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div>
Hi,
<br>

<br>
I had a few things configured on ACS – Basic Zone – Security Groups.
<br>
Setup: 2 Citrix 6.5 hosts, Mgmt server under CentOS 6.8.
<br>
Basic Networking, VMs created from template, also CentOS 6.8
<br>

<br>
At first (default, first VM test) I could not log in using SSH.
<br>
Then I created the appropriate ingress rule and all was ok.
<br>
Same with ICMP (Ping) for 0.0.0.0/0
<br>
Now I wanted to test a few things in my test environment and removed these rules, actually
expecting that neither SSH nor ping would go through anymore.
<br>

<br>
Unfortunately they do, so apparently rules once set are not revoked upon deletion.
<br>
I would expect nothing to come through, if no ingress rules are set, no matter what iptables
on the VM itself does.
<br>

<br>
Tests:
<br>
- Delete all ingress rules (ping, SSH and webmin (TCP 10000))
<br>
- Disable iptables on VM
<br>
⇨ Ping, ssh went through, Webmin didn’t.
<br>
- Enable iptables on VM
<br>
⇨ Ping and ssh went through
<br>
- Insert ingress rule for webmin, iptables still enabled
<br>
⇨ Webmin times out (expected behaviour)
<br>
- Disable iptables
<br>
⇨ Webmin works
<br>

<br>
In the documentation you are pointed towards “The procedure is described in Basic Zone
Configuration in the Advanced Installation Guide.”
<br>
(Managing Networks and Traffic – Enabling Security Groups)
<br>
Searched for it on the Apache Site: Not found.
<br>
Google gave me the “Advanced Installation Guide” from Citrix, Version 3.*.* … in which
you are directed to the administration guide.
<br>
Not really helpful!
<br>

<br>
Does anybody know about this / experienced something like this before?
<br>

<br>

<br>
<br>
<div><p><b><span>Jeroen </span>Keerl</b><br></p><p><span><b>Keerl
IT Services GmbH<br></b></span>Birkenstraße 1b . 21521 Aumühle</p><p>+49
177 6320 317</p><p><span><a href="http://www.keerl-it.com/" target="_blank">www.keerl-it.com</a><br></span><a
href="mailto:info@keerl-it.com" target="_blank">info@keerl-it.com</a></p><p><span>Managing Director:
Jacobus J. Keerl<br></span>Court of registration: Lubeck. HRB No. 14511</p><p>Our
general terms and conditions can be found <a href="http://www.keerl-it.com/AGB.pdf"
target="_blank">here.</a></p></div><br>
</div>


</blockquote></div><br>
</div></div>
</body>
</html>
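
An added example, not part of the original messages: a shell check that reads a sysctl.conf-style file and reports whether the three bridge netfilter settings quoted in the thread are effectively set. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Expected values are the three settings quoted in the thread.
REQUIRED='net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=0
net.bridge.bridge-nf-call-arptables=1'

# effective_value FILE KEY: last uncommented assignment of KEY (later lines
# override earlier ones when the file is loaded); prints nothing if absent.
effective_value() {
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }
        { eq = index($0, "="); if (eq == 0) next
          k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
          gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
          if (k == key) val = v }
        END { print val }' "$1"
}

# audit_conf FILE: one status line per required key; returns the failure count.
audit_conf() {
    fails=0
    for pair in $REQUIRED; do
        key=${pair%%=*}; want=${pair#*=}
        got=$(effective_value "$1" "$key")
        if [ "$got" = "$want" ]; then echo "OK      $key = $got"
        elif [ -z "$got" ]; then echo "MISSING $key (want $want)"; fails=$((fails + 1))
        else echo "WRONG   $key = $got (want $want)"; fails=$((fails + 1))
        fi
    done
    return "$fails"
}

# Constructed sample file: one setting overridden later, one commented out.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample, not taken from the thread
net.bridge.bridge-nf-call-iptables = 1
#net.bridge.bridge-nf-call-arptables = 1
net.bridge.bridge-nf-call-ip6tables=0
net.bridge.bridge-nf-call-iptables = 0
EOF
}

sample=$(mktemp)
write_sample "$sample"
audit_conf "$sample" || echo "settings differ from the values in the thread"
rm -f "$sample"
```

The file only shows what will be applied on the next load; `sysctl -n <key>` on the host prints the value the running kernel is using.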

