Hello all,
I am facing an issue while SSHing to a VM in a security-groups-enabled advanced
zone (XenServer host), even after applying the ingress rule for the security
group in which the VM is deployed.
Also, even though I can see the ingress rule being applied through API listing
and on the UI, I can't see the iptables on the host being updated after
adding/removing an ingress rule.
Is there any existing problem with XenServer regarding this? I read on a few
blogs about some people encountering a similar issue with XenServer. I have
not yet tried on KVM.
The output of the command "iptables -L -v -n" on the host is as follows.

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target               prot opt in     out  source       destination
    0     0 ACCEPT               47   --  *      *    0.0.0.0/0    0.0.0.0/0
 109M  110G RH-Firewall-1-INPUT  all  --  *      *    0.0.0.0/0    0.0.0.0/0

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target               prot opt in     out  source       destination
    0     0 RH-Firewall-1-INPUT  all  --  *      *    0.0.0.0/0    0.0.0.0/0

Chain OUTPUT (policy ACCEPT 91M packets, 149G bytes)
 pkts bytes target               prot opt in     out  source       destination

Chain RH-Firewall-1-INPUT (2 references)
 pkts bytes target               prot opt in     out  source       destination
  54M   76G ACCEPT               all  --  lo     *    0.0.0.0/0    0.0.0.0/0
 8430  520K ACCEPT               icmp --  *      *    0.0.0.0/0    0.0.0.0/0    icmp type 255
    0     0 ACCEPT               esp  --  *      *    0.0.0.0/0    0.0.0.0/0
    0     0 ACCEPT               ah   --  *      *    0.0.0.0/0    0.0.0.0/0
    0     0 ACCEPT               udp  --  *      *    0.0.0.0/0    224.0.0.251  udp dpt:5353
    0     0 ACCEPT               udp  --  *      *    0.0.0.0/0    0.0.0.0/0    udp dpt:631
    0     0 ACCEPT               tcp  --  *      *    0.0.0.0/0    0.0.0.0/0    tcp dpt:631
    0     0 ACCEPT               udp  --  xenapi *    0.0.0.0/0    0.0.0.0/0    udp dpt:67
  47M   32G ACCEPT               all  --  *      *    0.0.0.0/0    0.0.0.0/0    state RELATED,ESTABLISHED
    0     0 ACCEPT               udp  --  *      *    0.0.0.0/0    0.0.0.0/0    state NEW udp dpt:694
   19  1132 ACCEPT               tcp  --  *      *    0.0.0.0/0    0.0.0.0/0    state NEW tcp dpt:22
 3919  204K ACCEPT               tcp  --  *      *    0.0.0.0/0    0.0.0.0/0    state NEW tcp dpt:80
 346K   21M ACCEPT               tcp  --  *      *    0.0.0.0/0    0.0.0.0/0    state NEW tcp dpt:443
7721K 1583M REJECT               all  --  *      *    0.0.0.0/0    0.0.0.0/0    reject-with icmp-host-prohibited

Any directions?
Regards,
Gaurav