So I am running Xen 6.0.2, and going off what Sangeetha responded with earlier, I am definitely missing the CSP packages for Xen. I missed that in section 8.2.7 of the install guide... Guess it pays to be thorough when reading!

> From: gerard.ly...@bskyb.com
> To: users@cloudstack.apache.org
> Subject: Re: Security Groups
> Date: Thu, 12 Sep 2013 17:43:08 +0000
>
> It would be useful if you provided some more information about your setup
> - hypervisor type etc.
>
> From the sounds of your question, your network is working (i.e. you can
> ping your VM), and this is specific to security groups.
>
> One check you can perform is to ssh onto the host you're running your VM
> on, and trace traffic through the iptables chains (while performing a ping
> to/from the VM), e.g.
>
>     iptables -Z && watch -n .5 iptables -nvL
>     iptables -Z && watch -n .5 iptables -nvL BRIDGE-FIREWALL
>     iptables -Z && watch -n .5 iptables -nvL i-2-8-def
>
> On XenServer, security groups require using Linux Bridge instead of Open
> vSwitch.
>
>     /opt/xensource/bin/xe-switch-network-backend bridge
>
> By default XenServer (6.x) disables iptable/arptable checking over bridges
> - you'll need to ensure those are enabled.
>
>     # Disable *tables rules for bridge traffic to increase performance
>     net.bridge.bridge-nf-call-iptables = 1
>     net.bridge.bridge-nf-call-ip6tables = 0
>     net.bridge.bridge-nf-call-arptables = 1
>
> I believe the functionality provided by CSP (iptables/ebtables handling
> etc) was included in XenServer 6.1
>
> Hope that helps
>
> On 12/09/2013 14:26, "Michael Phillips" <mphilli7...@hotmail.com> wrote:
>
> >That's what I thought. In that case, what are some things I can look at
> >to troubleshoot because that process is not working for me.
> >
> >> From: jayapalreddy.ur...@citrix.com
> >> To: users@cloudstack.apache.org
> >> Subject: Re: Security Groups
> >> Date: Thu, 12 Sep 2013 06:41:49 +0000
> >>
> >> You are right.
> >>
> >> Thanks,
> >> Jayapal
> >>
> >> On 12-Sep-2013, at 11:45 AM, Michael Phillips <mphilli7...@hotmail.com> wrote:
> >>
> >> > So if I have created a zone with the
> >> > "DefaultSharedNetworkOfferingWithSGService" network offering. Created a
> >> > VM using the default security group, which has 0 ingress rules, I should
> >> > NOT be able to do things like PING that VM, correct?
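
An added example (not part of the original messages, and not CloudStack or XenServer code): a shell check for the bridge netfilter keys quoted in the reply above, which must be 1 before iptables/arptables rules see bridged VM traffic. It reads sysctl.conf-style text on stdin; the function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit sysctl.conf-style text for the bridge netfilter keys
# quoted in the thread. Input is read on stdin; one status line per key.

# Keys that must be 1 for security group rules to apply to bridged traffic.
# (The reply leaves bridge-nf-call-ip6tables at 0, so it is not required here.)
REQUIRED_KEYS="net.bridge.bridge-nf-call-iptables net.bridge.bridge-nf-call-arptables"

# effective_value KEY < conf : print the last value assigned to KEY, if any.
# Lines are applied top to bottom, so a later assignment overrides an earlier one.
effective_value() {
    awk -v key="$1" '
        /^[ \t]*[#;]/ { next }      # comment lines start with # or ;
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { if (val != "") print val }'
}

# audit_bridge_nf < conf : report each required key; return 1 if any is not 1.
audit_bridge_nf() {
    conf=$(cat)
    rc=0
    for key in $REQUIRED_KEYS; do
        val=$(printf '%s\n' "$conf" | effective_value "$key")
        if [ "$val" = "1" ]; then
            echo "OK    $key = 1"
        else
            echo "FAIL  $key = ${val:-unset}"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: iptables checking on bridges is still disabled.
SAMPLE_BAD='# Disable *tables rules for bridge traffic to increase performance
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-arptables = 1'

printf '%s\n' "$SAMPLE_BAD" | audit_bridge_nf || echo "bridged VM traffic bypasses iptables"
```

On a host, feed it the persisted settings, for example `audit_bridge_nf < /etc/sysctl.conf`, and compare with the live values from `sysctl -n` for the same keys.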