By default XenServer (6.x) disables iptable/arptable checking over bridges in /etc/sysctl.conf - you'll need to ensure those are enabled.
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-arptables = 1

On 13/09/2013 04:55, "Jijun" <jiju...@gmail.com> wrote:

>Hi, I encounter the same problem.
>
>As far as I know, XenServer 6.2 does not need the CSP.
>
>But the ingress is not blocked by default. I can ping all the VMs in
>that security group.
>
>I don't know why.
>
>Thanks.
>
>On 09/13/2013 02:02 AM, Michael Phillips wrote:
>> So that is definitely going to be the issue. I missed that in the 8.2.7
>> section of the install guide.
>>
>>> From: sangeetha.hariha...@citrix.com
>>> To: dev@cloudstack.apache.org
>>> Subject: RE: Security Groups
>>> Date: Thu, 12 Sep 2013 17:19:16 +0000
>>>
>>> If you are using XenServer hosts, can you make sure you have the CSP
>>> packages installed?
>>>
>>> -Thanks
>>> Sangeetha
>>>
>>> -----Original Message-----
>>> From: Michael Phillips [mailto:mphilli7...@hotmail.com]
>>> Sent: Thursday, September 12, 2013 9:33 AM
>>> To: dev@cloudstack.apache.org
>>> Subject: Security Groups
>>>
>>> I posed this question in the user list, but I figured I would throw it
>>> out here as well... So if I have created a zone with the
>>> "DefaultSharedNetworkOfferingWithSGService" network offering, then
>>> created a VM using the default security group, which has 0 ingress
>>> rules, I should NOT be able to do things like PING that VM, correct? The
>>> answer to the above question was answered "correct"... My next question
>>> is, in that case what are some things I could look at to see why it's
>>> not behaving as expected.
>>>
>>
>
>
>--
>Thanks,
>Jijun
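One way to check a host for the three settings named at the top of this thread, as an added example that is not part of the original e-mails. The function names and the sample file contents are constructed for illustration; the expected values are the ones given in the reply.

```shell
#!/bin/sh
# Expected values, taken from the reply at the top of the thread.
EXPECTED='net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=0
net.bridge.bridge-nf-call-arptables=1'

# conf_value FILE KEY: print the effective value of KEY in a sysctl.conf-style
# file (comment lines skipped, spaces around "=" ignored, last assignment wins).
conf_value() {
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { if (val != "") print val }
    ' "$1"
}

# check_bridge_nf FILE: print one line per key that is unset or differs from
# EXPECTED; return 0 only when all three keys match.
check_bridge_nf() {
    rc=0
    for pair in $EXPECTED; do
        key=${pair%%=*}; want=${pair#*=}
        got=$(conf_value "$1" "$key")
        if [ "$got" != "$want" ]; then
            echo "MISMATCH $key: want $want, got ${got:-unset}"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: a file with bridge filtering switched off.
sample=$(mktemp)
printf '%s\n' '# constructed sample, not a real host file' \
    'net.bridge.bridge-nf-call-iptables = 0' \
    'net.bridge.bridge-nf-call-ip6tables = 0' \
    'net.bridge.bridge-nf-call-arptables = 0' > "$sample"
check_bridge_nf "$sample" || echo "bridge netfilter settings need fixing"
rm -f "$sample"
```

On a real host, pass /etc/sysctl.conf to check_bridge_nf. The file only shows what is applied at boot or by `sysctl -p`, so also compare the running values with `sysctl -a | grep bridge-nf-call`.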