It would be useful if you provided some more information about your setup
- hypervisor type etc.

From the sounds of your question, your network is working (i.e. you can
ping your VM), and this is specific to security groups.


One check you can perform is to ssh onto the host you're running your VM
on, and trace traffic through the iptables chains (while performing a ping
to/from the VM), e.g.

iptables -Z && watch -n .5 iptables -nvL
iptables -Z && watch -n .5 iptables -nvL BRIDGE-FIREWALL
iptables -Z && watch -n .5 iptables -nvL i-2-8-def


On XenServer, security groups require using Linux Bridge instead of Open
vSwitch.

/opt/xensource/bin/xe-switch-network-backend bridge

By default XenServer (6.x) disables iptable/arptable checking over bridges
- you'll need to ensure those are enabled.

# Disable *tables rules for bridge traffic to increase performance
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-arptables = 1


I believe the functionality provided by CSP (iptables/ebtables handling
etc) was included in XenServer 6.1

Hope that helps




On 12/09/2013 14:26, "Michael Phillips" <mphilli7...@hotmail.com> wrote:

>That's what I thought. In that case, what are some things I can look at
>to troubleshoot because that process is not working for me.
>
>> From: jayapalreddy.ur...@citrix.com
>> To: users@cloudstack.apache.org
>> Subject: Re: Security Groups
>> Date: Thu, 12 Sep 2013 06:41:49 +0000
>> 
>> You are right.
>> 
>> Thanks,
>> Jayapal
>> 
>> On 12-Sep-2013, at 11:45 AM, Michael Phillips <mphilli7...@hotmail.com> wrote:
>> 
>> > So if I have created a zone with the
>> > "DefaultSharedNetworkOfferingWithSGService" network offering. Created a
>> > VM using the default security group, which has 0 ingress rules, I should
>> > NOT be able to do things like PING that VM correct?
>> 
>> 
>                                         
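
The host-side prerequisites listed in the reply above (bridge network backend, bridge-nf-call-iptables and bridge-nf-call-arptables set to 1), written as a check script. This is an added example, not part of the original thread; the backend file path /etc/xensource/network.conf is an assumption, and both paths can be overridden.

```shell
#!/bin/sh
# Added example: audit the host prerequisites for security groups named in the
# message above. Paths are parameters so the check can run against a fixture.
# Assumption: /etc/xensource/network.conf holds the backend name
# ("bridge" or "openvswitch").

# check_sg_prereqs [PROC_BRIDGE_DIR] [BACKEND_FILE]
# Prints one line per finding; returns the number of problems found.
check_sg_prereqs() {
    proc_dir=${1:-/proc/sys/net/bridge}
    backend_file=${2:-/etc/xensource/network.conf}
    problems=0

    # Security groups need the Linux bridge backend, not Open vSwitch.
    if [ -r "$backend_file" ]; then
        backend=$(tr -d '[:space:]' < "$backend_file")
    else
        backend=unknown
    fi
    if [ "$backend" = "bridge" ]; then
        echo "OK   network backend: bridge"
    else
        echo "FAIL network backend: $backend (expected bridge)"
        problems=$((problems + 1))
    fi

    # Bridged frames must be handed to iptables and arptables; with these
    # keys at 0 the bridged traffic never traverses the per-VM chains.
    for key in bridge-nf-call-iptables bridge-nf-call-arptables; do
        if [ -r "$proc_dir/$key" ]; then
            val=$(tr -d '[:space:]' < "$proc_dir/$key")
        else
            val=missing   # bridge module not loaded or key absent
        fi
        if [ "$val" = "1" ]; then
            echo "OK   net.bridge.$key = 1"
        else
            echo "FAIL net.bridge.$key = $val (expected 1)"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Run against the live host only when invoked with --run.
if [ "${1:-}" = "--run" ]; then
    check_sg_prereqs
fi
```
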

