ICMP type/code any/any maps to -1/-1 in the API, not 0/0

From: Michael Hart-Jones <mhartjo...@accessit.co.uk>
Reply-To: CloudStack Users <cloudstack-users@incubator.apache.org>
Date: Mon, 3 Dec 2012 04:04:56 -0800
To: CloudStack Users <cloudstack-users@incubator.apache.org>
Subject: Re: ICMP traffic will not traverse

Thanks Jayapal,

The systems are accessible on UDP and TCP protocols due to the current security policy. Current rules allow traffic ingress on ports 0 - 65535 on UDP and TCP to 0.0.0.0/0, and on the egress to, and there are no issues with this. However the ICMP is setup with type 0 and code 0 to 0.0.0.0/0, I have also setup type 8 and code 0, the type and code used by ping, to 0.0.0.0/0 but have no luck.

Any other thoughts?

---
Michael Hart-Jones BEng
E-Mail: mhartjo...@accessit.co.uk
Tel: (01227) 750555
Fax: (01227) 750070

On 03/12/12 11:57, Jayapal Reddy Uradi wrote:

You can’t ping the guest VM from the public network. Adding icmp rule on public IP allows to ping only public IP but not the guest VM.
From cloudstack UI you can reach the guest VM tcp/udp ports.

Below are the steps to ssh to guest vm from the public network:
1. Acquire public IP P1, on the network.
2. Add firewall rule 0.0.0.0/0 tcp 22-22
3. Add port forwarding rule with ports 22-22 and guest VM.
4. After this ssh to P1 will give access to guest VM.

Thanks,
Jayapal

From: Michael Hart-Jones [mailto:mhartjo...@accessit.co.uk]
Sent: Monday, December 03, 2012 3:24 PM
To: cloudstack-users@incubator.apache.org
Subject: Re: ICMP traffic will not traverse

Thanks for that Nik,

I have tried that and I still get no response back. The instances have no firewall in place.

---
Michael Hart-Jones BEng
E-Mail: mhartjo...@accessit.co.uk
Tel: (01227) 750555
Fax: (01227) 750070

On 01/12/12 18:29, Nik Martin wrote:

On 11/26/2012 11:01 AM, Michael Hart-Jones wrote:

The Security policies in place show 0.0.0.0/0 allowing ports 0-65535 on UDP and TCP. I have tried to do the same thing with ICMP but with no luck.

Make sure you also create a rule for cidr 0.0.0.0/0 on protocol ICMP, with type 8 (echo) and code 0 THEN make sure the vm you are pinging is not also dropping pings via some firewall rule.

---
Michael Hart-Jones BEng
E-Mail: mhartjo...@accessit.co.uk
Tel: (01227) 750555
Fax: (01227) 750070

On 26/11/12 16:57, Boylan, James wrote:

This is a normal behavior for VMs within an isolated basic network. They don’t pass any traffic except port 22 for SSH and that only works if the egress rules are in place.

--James

From: Michael Hart-Jones [mailto:mhartjo...@accessit.co.uk]
Sent: Monday, November 26, 2012 10:50 AM
To: cloudstack-users@incubator.apache.org
Subject: ICMP traffic will not traverse

I am having an issue with my servers. The setup is as follows

Management Server, Host1 and Host2
Centos 6.2
Cloudstack 3.0.2

The server was setup by a colleague who has left since but I have noticed that we do not have the ability to send ICMP traffic to our virtualised hosts, prime example being ping. I can see he has setup basic networking, and I do not have the time to try and change this over. I have tried to setup the security policies to allow it but I cannot get any response.

Has anyone got any ideas where I should start looking?

---
Michael Hart-Jones BEng
E-Mail: mhartjo...@accessit.co.uk
Tel: (01227) 750555
Fax: (01227) 750070

------------------------------------------------------------------------
Disclaimer: This message may only be read in context and with common sense. If concerned by it or in doubt, please destroy it. If this message is not meant for you, we have made a mistake and would appreciate your help.
We promise that we mean no offence and will endeavour to rectify our mistake. Our full contact details can be found on www.accessit.co.uk Company number: 3117204
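
An added example (not part of the thread and not CloudStack's own code) modelling the point made in the first reply: a rule with ICMP type 0 and code 0 matches only echo reply, while -1/-1 is the "any/any" wildcard. The `rule_matches` helper, the group name `default` and the unsigned query string (no `apikey` or `signature`) are assumptions made for illustration.

```python
from urllib.parse import urlencode

ANY = -1  # value the first reply says the API uses for "any" type or code

# Well-known ICMP (type, code) pairs
ECHO_REPLY = (0, 0)        # what a pinged host sends back
ECHO_REQUEST = (8, 0)      # what ping sends
PORT_UNREACHABLE = (3, 3)


def rule_matches(rule, packet):
    """True if an ICMP rule (type, code) admits a packet (type, code)."""
    rule_type, rule_code = rule
    pkt_type, pkt_code = packet
    type_ok = rule_type == ANY or rule_type == pkt_type
    code_ok = rule_code == ANY or rule_code == pkt_code
    return type_ok and code_ok


def admitted(rules, packet):
    """True if any rule in the ingress rule set admits the packet."""
    return any(rule_matches(rule, packet) for rule in rules)


def ingress_params(group_name, cidr, icmp_type=ANY, icmp_code=ANY):
    """Unsigned authorizeSecurityGroupIngress parameters for an ICMP rule."""
    return {
        "command": "authorizeSecurityGroupIngress",
        "securitygroupname": group_name,  # constructed placeholder name
        "protocol": "icmp",
        "icmptype": str(icmp_type),
        "icmpcode": str(icmp_code),
        "cidrlist": cidr,
    }


def query_string(params):
    """Sorted, URL-encoded query string (apikey and signature not included)."""
    return urlencode(sorted(params.items()))


if __name__ == "__main__":
    packets = {"echo-request": ECHO_REQUEST, "echo-reply": ECHO_REPLY,
               "port-unreachable": PORT_UNREACHABLE}
    for rules in ([(0, 0)], [(0, 0), (8, 0)], [(ANY, ANY)]):
        print(rules, {n: admitted(rules, p) for n, p in packets.items()})
    print(query_string(ingress_params("default", "0.0.0.0/0")))
```
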