Hi Amed,

Thank you very much for your response. I had not reviewed the security group being used, and yes, the security group was not set up correctly.

Kind regards
Noel

On 11 February 2013 21:32, Ahmad Emneina <aemne...@gmail.com> wrote:

> do you have security groups enabled? If so you'll need to set up rules to
> allow for ingress traffic.
>
> On Mon, Feb 11, 2013 at 1:24 PM, Noel King <noelk...@gmail.com> wrote:
>
> > Hi
> >
> > I have set up KVM hosts for Cloudstack 4 using the details in the
> > installation guide
> >
> > http://incubator.apache.org/cloudstack/docs/en-US/Apache_CloudStack/4.0.0-incubating/html-single/Installation_Guide/index.html#hypervisor-kvm-install-flow
> >
> > This setup includes iptables configuration, However after creating VMs on
> > that host are blocked unless I directly ssh from that kvm host machine.
> > This means all external machines including other kvm host vms cannot
> > connect either.
> >
> > After a VM is created on this host the iptables configuration is changed to
> > the following state (below), which is preventing non local access to the
> > VM.
> >
> > Any insight here as to how CloudStack updating of iptables here is
> > preventing connectivity, it would be greatly appreciated.
> >
> > Kind regards,
> >
> > Noel
> >
> > IPTABLES STATE AFTER VM CREATED
> > =============================================
> >
> > Table: filter
> > Chain INPUT (policy ACCEPT)
> > num  target           prot opt source         destination
> > 1    ACCEPT           tcp  --  0.0.0.0/0      0.0.0.0/0      tcp dpts:49152:49216
> > 2    ACCEPT           tcp  --  0.0.0.0/0      0.0.0.0/0      tcp dpts:5900:6100
> > 3    ACCEPT           tcp  --  0.0.0.0/0      0.0.0.0/0      tcp dpt:16509
> > 4    ACCEPT           tcp  --  0.0.0.0/0      0.0.0.0/0      tcp dpt:1798
> > 5    ACCEPT           tcp  --  0.0.0.0/0      0.0.0.0/0      tcp dpt:22
> >
> > Chain FORWARD (policy ACCEPT)
> > num  target           prot opt source         destination
> > 1    BF-cloudbr0      all  --  0.0.0.0/0      0.0.0.0/0      PHYSDEV match --physdev-is-bridged
> > 2    BF-cloudbr0      all  --  0.0.0.0/0      0.0.0.0/0      PHYSDEV match --physdev-is-bridged
> > 3    DROP             all  --  0.0.0.0/0      0.0.0.0/0
> > 4    DROP             all  --  0.0.0.0/0      0.0.0.0/0
> >
> > Chain OUTPUT (policy ACCEPT)
> > num  target           prot opt source         destination
> >
> > Chain BF-cloudbr0 (2 references)
> > num  target           prot opt source         destination
> > 1    ACCEPT           all  --  0.0.0.0/0      0.0.0.0/0      state RELATED,ESTABLISHED
> > 2    BF-cloudbr0-IN   all  --  0.0.0.0/0      0.0.0.0/0      PHYSDEV match --physdev-is-in --physdev-is-bridged
> > 3    BF-cloudbr0-OUT  all  --  0.0.0.0/0      0.0.0.0/0      PHYSDEV match --physdev-is-out --physdev-is-bridged
> > 4    ACCEPT           all  --  0.0.0.0/0      0.0.0.0/0      PHYSDEV match --physdev-out eth0 --physdev-is-bridged
> >
> > Chain BF-cloudbr0-IN (1 references)
> > num  target           prot opt source         destination
> > 1    i-1-659-def      all  --  0.0.0.0/0      0.0.0.0/0      PHYSDEV match --physdev-in vnet0 --physdev-is-bridged
> >
> > Chain BF-cloudbr0-OUT (1 references)
> > num  target           prot opt source         destination
> > 1    i-1-659-def      all  --  0.0.0.0/0      0.0.0.0/0      PHYSDEV match --physdev-out vnet0 --physdev-is-bridged
> >
> > Chain i-1-659-VM (1 references)
> > num  target           prot opt source         destination
> > 1    DROP             all  --  0.0.0.0/0      0.0.0.0/0
> >
> > Chain i-1-659-VM-eg (1 references)
> > num  target           prot opt source         destination
> > 1    RETURN           all  --  0.0.0.0/0      0.0.0.0/0
> >
> > Chain i-1-659-def (2 references)
> > num  target           prot opt source         destination
> > 1    ACCEPT           all  --  0.0.0.0/0      0.0.0.0/0      state RELATED,ESTABLISHED
> > 2    ACCEPT           udp  --  0.0.0.0/0      0.0.0.0/0      PHYSDEV match --physdev-in vnet0 --physdev-is-bridged udp spt:68 dpt:67
> > 3    ACCEPT           udp  --  0.0.0.0/0      0.0.0.0/0      PHYSDEV match --physdev-out vnet0 --physdev-is-bridged udp spt:67 dpt:68
> > 4    RETURN           udp  --  172.18.48.213  0.0.0.0/0      PHYSDEV match --physdev-in vnet0 --physdev-is-bridged udp dpt:53
> > 5    i-1-659-VM-eg    all  --  172.18.48.213  0.0.0.0/0      PHYSDEV match --physdev-in vnet0 --physdev-is-bridged
> > 6    i-1-659-VM       all  --  0.0.0.0/0      0.0.0.0/0      PHYSDEV match --physdev-out vnet0 --physdev-is-bridged
> >
> > Table: nat
> > Chain PREROUTING (policy ACCEPT)
> > num  target           prot opt source         destination
> >
> > Chain POSTROUTING (policy ACCEPT)
> > num  target           prot opt source         destination
> >
> > Chain OUTPUT (policy ACCEPT)
> > num  target           prot opt source         destination
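
In the quoted listing, chain i-1-659-VM contains only a catch-all DROP, consistent with the reply's point that the security group had no ingress rules. As an added example (not part of the original thread and not CloudStack's own code), this sketch parses a listing in that layout and reports, per VM chain, which ACCEPT rules are reachable before the DROP; chain i-1-700-VM and its tcp/22 rule are constructed for contrast.

```python
import re

# Constructed sample in the listing layout quoted above; chain i-1-700-VM and
# its tcp/22 rule are assumed, showing a group that does have an ingress rule.
SAMPLE = """\
Chain i-1-659-VM (1 references)
num  target  prot opt source      destination
1    DROP    all  --  0.0.0.0/0   0.0.0.0/0
Chain i-1-659-VM-eg (1 references)
num  target  prot opt source      destination
1    RETURN  all  --  0.0.0.0/0   0.0.0.0/0
Chain i-1-700-VM (1 references)
num  target  prot opt source      destination
1    ACCEPT  tcp  --  0.0.0.0/0   0.0.0.0/0   state NEW tcp dpt:22
2    DROP    all  --  0.0.0.0/0   0.0.0.0/0
"""

CHAIN = re.compile(r"^Chain (\S+) \(")
RULE = re.compile(r"^\d+\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s*(.*)$")
FIELDS = ("target", "prot", "opt", "src", "dst", "match")

def parse_chains(text):
    """Return {chain name: [rule dict, ...]} from a numbered iptables listing."""
    chains, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if m := CHAIN.match(line):
            current = chains.setdefault(m.group(1), [])
        elif (m := RULE.match(line)) and current is not None:
            current.append(dict(zip(FIELDS, m.groups())))
    return chains

def ingress_report(chains):
    """Map each per-VM ingress chain (i-N-N-VM) to the ACCEPT rules before its catch-all DROP."""
    report = {}
    for name, rules in chains.items():
        if not re.fullmatch(r"i-\d+-\d+-VM", name):
            continue  # skip the -eg (egress) and -def chains
        allowed = []
        for r in rules:
            catch_all = (r["prot"], r["src"], r["dst"], r["match"]) == ("all", "0.0.0.0/0", "0.0.0.0/0", "")
            if r["target"] == "DROP" and catch_all:
                break  # nothing after this rule can match
            if r["target"] == "ACCEPT":
                allowed.append(f'{r["prot"]} {r["src"]} {r["match"]}'.strip())
        report[name] = allowed  # empty list: all new inbound traffic is dropped
    return report

if __name__ == "__main__":
    print(ingress_report(parse_chains(SAMPLE)))
```

An empty list for a VM chain means every new inbound connection to that VM is dropped at the host bridge until an ingress rule is added to its security group.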