[
https://issues.apache.org/jira/browse/CLOUDSTACK-5591?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13858725#comment-13858725
]
Ram Ganesh commented on CLOUDSTACK-5591:
----------------------------------------
Jayapal
Can you help root cause this issue and check if iptables is blocking the
traffic?
> [VMWare][64-bit template]Public network is not reachable by the System Vm's.
> ----------------------------------------------------------------------------
>
> Key: CLOUDSTACK-5591
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-5591
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public(Anyone can view this level - this is the
> default.)
> Components: Install and Setup
> Affects Versions: 4.3.0
> Reporter: Kiran Koneti
> Assignee: Jayapal Reddy
> Priority: Blocker
> Fix For: 4.3.0
>
>
> The setup details are as follows:
> 1)Installed the CS setup and changed the global setting to allow the download
> from the internal sites.
> 2)Created a Advanced Zone setup with Vmware 5.5 where the system Vm's came up.
> 3)Then added one more cluster for the KVm and added a KVM host.
> 4)After adding the KVM ost the system Vm template for the KVM was not ready
> and it shows as connection timed out.
> 5)Then logged into the SSVM and tried to ping the public network then the
> network was not reachable,even the default gateway was not pingable.
> 6)When stopped the IP tables the gateway was pingable.
> 7)When tried to check the arp of the gw using "arping the gatewayIP" it says
> the eth0 is down and when eth0 is made up the ping was successful and the
> public network was reachable.
> 8)Then tried to restart the SSVM again the situation is same that the public
> network is not reachable.
> 9)If we leave the stup for longer time without making any changes the Public
> network will be reachable and when rebooted again the network will not be
> reached again.
> The Iptables details are as below:
> "iptables -L -nv
> Chain INPUT (policy DROP 4 packets, 312 bytes)
> pkts bytes target prot opt in out source
> destination
> 0 0 ACCEPT tcp -- eth2 * 0.0.0.0/0 0.0.0.0/0
> state NEW tcp dpt:443
> 0 0 ACCEPT tcp -- eth2 * 0.0.0.0/0 0.0.0.0/0
> state NEW tcp dpt:80
> 1 60 ACCEPT tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0
> state NEW tcp dpt:3922
> 0 0 ACCEPT all -- eth0 * 0.0.0.0/0 0.0.0.0/0
> state RELATED,ESTABLISHED
> 547 95190 ACCEPT all -- eth1 * 0.0.0.0/0 0.0.0.0/0
> state RELATED,ESTABLISHED
> 2 262 ACCEPT all -- eth2 * 0.0.0.0/0 0.0.0.0/0
> state RELATED,ESTABLISHED
> 0 0 ACCEPT all -- eth3 * 0.0.0.0/0 0.0.0.0/0
> state RELATED,ESTABLISHED
> 10 588 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
> 0 0 DROP icmp -- * * 0.0.0.0/0 0.0.0.0/0
> icmptype 13
> 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
> 0 0 ACCEPT tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0
> state NEW tcp dpt:3922
> Chain FORWARD (policy DROP 0 packets, 0 bytes)
> pkts bytes target prot opt in out source
> destination
> Chain OUTPUT (policy ACCEPT 493 packets, 76135 bytes)
> pkts bytes target prot opt in out source
> destination
> 0 0 ACCEPT tcp -- * eth1 0.0.0.0/0
> 10.147.28.0/24 state NEW tcp
> 0 0 REJECT tcp -- * eth1 0.0.0.0/0 0.0.0.0/0
> state NEW tcp dpt:80 reject-with icmp-port-unreachable
> 0 0 REJECT tcp -- * eth1 0.0.0.0/0 0.0.0.0/0
> state NEW tcp dpt:443 reject-with icmp-port-unreachable
> Chain HTTP (0 references)
> pkts bytes target prot opt in out source
> destination"
> The arping request is as below:
> arping 10.147.X.X
> Interface "eth0" is down
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
