Hi,
below you can find the iptables rules and the bridge configuration.

Anyway, what I see is that ICMP requests are reaching the KVM host, but
opening a virsh console to the guest shows no ICMP packets coming from
the public network.

root@kvm01:~# ufw status
Status: inactive
root@kvm01:~# brctl show
bridge name     bridge id               STP enabled     interfaces
cloud0          8000.fe00a9fe01a8       no              vnet0
                                                        vnet4
cloudbr0        8000.0019995a73ac       no              eth0
                                                        vnet1
                                                        vnet2
                                                        vnet3
                                                        vnet5
                                                        vnet6
virbr0          8000.000000000000       yes

root@kvm01:~# iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:53
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:53
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:67
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:67

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
BF-cloudbr0  all  --  0.0.0.0/0            0.0.0.0/0            PHYSDEV match --physdev-is-bridged
BF-cloudbr0  all  --  0.0.0.0/0            0.0.0.0/0            PHYSDEV match --physdev-is-bridged
DROP       all  --  0.0.0.0/0            0.0.0.0/0
DROP       all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            192.168.122.0/24     ctstate RELATED,ESTABLISHED
ACCEPT     all  --  192.168.122.0/24     0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain BF-cloudbr0 (2 references)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
BF-cloudbr0-IN  all  --  0.0.0.0/0            0.0.0.0/0            PHYSDEV match --physdev-is-in --physdev-is-bridged
BF-cloudbr0-OUT  all  --  0.0.0.0/0            0.0.0.0/0            PHYSDEV match --physdev-is-out --physdev-is-bridged
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            PHYSDEV match --physdev-out eth0 --physdev-is-bridged

Chain BF-cloudbr0-IN (1 references)
target     prot opt source               destination

Chain BF-cloudbr0-OUT (1 references)
target     prot opt source               destination
root@kvm01:~#


On Thu, Dec 5, 2013 at 6:23 AM, Sanjeev Neelarapu <sanjeev.neelar...@citrix.com> wrote:

> Hi,
>
> Make sure that iptables rules are configured properly for ICMP and SSH
> traffic on the KVM host.
> I think ICMP is disabled by default on SSVM and CPVM on the control IP
> address, but should be allowed on the public IP address.
>
> Thanks,
> Sanjeev
>
> -----Original Message-----
> From: Francesco Maria Magnini [mailto:fmm1...@gmail.com]
> Sent: Wednesday, December 04, 2013 9:23 PM
> To: users@cloudstack.apache.org
> Subject: Storage/Console SSVM loose connectivity (can't ping them anymore)
> after creating the first guest instance
>
> I'm experiencing problems with a Cloudstack 4.2 installation on both Ubuntu
> Server 12.04 and 13.10.
>
>    - Installed Cloudstack Management Controller and a KVM host in two
>    separate boxes
>    - Cloudstack installations went fine
>    - Created a basic networking zone, all is green, storage ok, vvms ok
>
> At this point, I'm able to ping physical hosts, Storage and Proxy SSVM
> public IP Address.
>
>    - Created instance with basic template of CentOS, fine
>    - Automatically created System Router
>
> At this point I'm still able to ping physical hosts, but no longer Storage
> SSVM, Proxy SSVM and the CentOS instance created a while ago.
>
> No errors, all is green, all processes running fine, just a connectivity
> issue on the public network side of Proxy/Storage VVMS and Instances.
>
> *IMPORTANT* I've configured Cloudstack in a CentOS environment before testing
> Ubuntu Server, with both Basic and Advanced Networking (VLAN separation)
> without problems.
>
> Security group is already configured with ICMP/SSH rules for inbound.
>
> Any ideas? Thanks
>



-- 
“Video games don't influence kids.
I mean, if Pac-Man had influenced our generation,
we'd all be jumping around in dark rooms,
chewing magic pills and listening to repetitive
electronic music...”

(Kristian Wilson, Nintendo Inc, 1989)
