Actually, I disabled ebtables. That seemed to clear the issue. However, what is the proper way to add yet another IP address; when ebtables is online.
- Maurice
- Maurice
On Apr 04, 2013, at 09:39 PM, Maurice Lawler <maurice.law...@me.com> wrote:
One more thing,
Your assistance was great, let me ask you this. I wanted to test to see how far I can push this. While I was able to have one primary IP addressed assigned by Cloud Stack and working with the ebtables I was then able to add a secondary IP address; however, adding a third IP address as I did the secondary IP address however, it fails; why is this?
On Apr 04, 2013, at 09:30 PM, Maurice Lawler <maurice.law...@me.com> wrote:Kirk,
THANK YOU THANK YOU THANK YOU !
That worked PERFECTLY !!!!
Appreciate your help GREATLY!
Now if you or ANYONE can assist, a windows instance -- attaching a secondary virtual drive on it; I was given an exe and an ISO to install drivers; but I am not 100%
- Maurice
On Apr 04, 2013, at 07:14 PM, Kirk Kosinski <kirkkosin...@gmail.com> wrote:Hi, Maurice. The message you linked is about XenServer and not
applicable to KVM. One of the main purposes of security groups is to
prohibit exactly what you are trying to do. You may want to use a basic
zone without security groups if you routinely need to bypass their
functionality, or use an advanced zone to get full support for using
multiple guest networks, or wait for official support for multiple IPs
per NIC which seems to be coming in CloudStack 4.2 [1].
Anyway if this is a one-off case, one solution that seems to work is to
delete the ebtables DROP rules on the host for IPs not assigned to the
VM by CloudStack. There are inbound and outbound chains in the nat
table for each VM. For example, list the rules:
ebtables -t nat -L i-2-3-VM-in --Ln
And delete the DROP rule for the IP:
ebtables -t nat -D i-2-3-VM-in 4
Do the same for the i-2-3-VM-out chain, and redo these steps any time
the VM migrates to a different host or is stopped and started. If you
generally want to use security groups but don't mind if VMs use
additional IPs, it should be possible to hack security_group.py on the
hosts to prevent the DROP rules from being created in the first place.
Best regards,
Kirk
[1] https://issues.apache.org/jira/browse/CLOUDSTACK-24
On 04/04/2013 01:23 PM, Maurice Lawler wrote:
> Hello Kirk,
>
> Yes, I am; the default security group settings in the basic mode.
>
>
>
> On Apr 04, 2013, at 04:06 PM, Kirk Kosinski <kirkkosin...@gmail.com> wrote:
>
>> Are you using security groups in your basic zone?
>>
>> Kirk
>>
>> On 04/04/2013 10:23 AM, Maurice Lawler wrote:
>> > Hello,
>> >
>> >
>> > Thank you so very much for the replies. I am using Basic Zone right
>> now and yes, I would like the ability to assign a secondary IP address
>> to any instance (should the instances I a hosting request them) at
>> this point one has requested a secondary IP address.
>> >
>> > So the previous response, would that work in basic mode, how should
>> I proceed?
>> >
>> > - Maurice
>> >
>> >
>> > On Apr 4, 2013, at 10:29 AM, Ahmad Emneina <aemne...@gmail.com
>> <mailto:aemne...@gmail.com>> wrote:
>> >
>> >> Dropping -dev as to not cross post. Just to clear things up...
>> >> Maurice: this is for guests to have multiple ip's in a vm, right?
>> Would these ip's be on the same subnet or a different network. I think
>> Chiradeep posted a way to technically get around this. Also for
>> further clarification, what cloudstack zone type are you working with?
>> >>
>> >> Ahmad
>> >>
>> >> On Apr 3, 2013, at 9:36 PM, Maurice Lawler <maurice.law...@me.com
>> <mailto:maurice.law...@me.com>> wrote:
>> >>
>> >>> Hello Cloud Stack Family,
>> >>>
>> >>>
>> >>> I have attempted to the best of my ability to set this up. I have
>> an instance (actually two) I would like to toss one additional IP
>> address to two different instances. Cloud Stack 4.0.1 is proving to be
>> rather difficult to accomplish this in.
>> >>>
>> >>> Here is my set-up:
>> >>>
>> >>> Single Server | CentOS 6.3 | KVM | CS 4.0.1
>> >>>
>> >>> Yesterday, I was provided a helpful link:
>> http://markmail.org/message/bt7pqnen26v2o63k
>> >>>
>> >>> However, I am not making much sense out of that.
>> >>>
>> >>> If ANYONE has ANY experience adding a secondary IP address --
>> please feel free to rescue me from the quick sand I am slowly sinking in!
>> >>>
>> >>> I would greatly appreciate any and ALL help!
>> >>>
>> >>> Thanks again!
>> >>>
>> >>> - Maurice (aka: daoenix)
>> >
