Hi,

Your host iptables are not configured with the security group rules.
Check the reference post below for security group rules.
http://jayapalu.blogspot.com/2013/09/security-groups-in-cloudstack.html

Thanks,
Jayapal

On 19-Sep-2013, at 10:15 AM, Michael Phillips <mphilli7...@hotmail.com> wrote:

Sorry, posted the wrong thing...please view this.
http://pastebin.com/NF28fpq7

From: jayapalreddy.ur...@citrix.com
To: users@cloudstack.apache.org
Subject: Re: Security Groups
Date: Thu, 19 Sep 2013 04:40:14 +0000

There are no cloudstack configured iptables rules on your xen host.
It seems iptables are stopped on the host?
Please check whether CSP is installed correctly on the host.
Please try to force connect of the host once.

Thanks,
Jayapal

On 19-Sep-2013, at 9:50 AM, Michael Phillips <mphilli7...@hotmail.com> wrote:

http://pastebin.com/xf9SBzVY

From: jayapalreddy.ur...@citrix.com
To: users@cloudstack.apache.org
Subject: Re: Security Groups
Date: Thu, 19 Sep 2013 03:54:51 +0000

Hi,

Can you please share the host 'iptables -L -nv' output on pastebin?

Thanks,
Jayapal

On 19-Sep-2013, at 8:04 AM, Michael Phillips <mphilli7...@hotmail.com> wrote:

Having troubles getting security groups to function.

My "test" environment is as follows:

Cloudstack 4.1.1 on centos6.4
Xen Server 6.0.2, CSP installed, iptables running...not sure if it needs to be but it is by default, all xen patches installed.
Primary Storage = iscsi
Secondary Storage = nfs on mgmt server
System VM's and router are running as expected.
Network = flat 192.168.50.0/24

I then create 2 instances (vm's) based on the centos5.6 template provided and assign them to the "default" security group. The instances are able to "ping" each other, and I thought the expected behavior is that they should not be able to, since the default security group has 0 ingress rules which should block all inbound traffic.

What could I be missing??