Thanks for the clarification, it makes sense. So far I have instances attached to the 10.1.1.0/24 guest network, and I have Internet connection through the Virtual Router source-NAT feature. But now, I would like to take one public IP and configure it directly on one instance. Do I need a different range from the one assigned right now to the SSVM? Or can I use for simplicity the same public network subnet declared during advanced zone creation?
On Fri, Dec 20, 2013 at 10:16 AM, Geoff Higginbottom < geoff.higginbot...@shapeblue.com> wrote: > The VR is configured to not respond to pings, probably a anti DDOS measure. > > If you restart the VR it will respond to pings whilst it is booting, but > then the security policies kick in and the responses stop. > > Regards > > Geoff Higginbottom > CTO / Cloud Architect > > > D: +44 20 3603 0542<tel:+442036030542> | S: +44 20 3603 0540<tel: > +442036030540> | M: +447968161581<tel:+447968161581> > > geoff.higginbot...@shapeblue.com<mailto:geoff.higginbot...@shapeblue.com> > | www.shapeblue.com<htp://www.shapeblue.com/> > > ShapeBlue Ltd, 53 Chandos Place, Covent Garden, London, WC2N > 4HS<x-apple-data-detectors://37> > > > > On 20 Dec 2013, at 08:46, "Francesco Maria Magnini" <fmm1...@gmail.com > <mailto:fmm1...@gmail.com>> wrote: > > Where should I add a firewall rule, manually using iptables inside the > Virtual Router? > Consider that I have no firewall in my network layout preventing ICMP to > reach the Virtual Router. > > > On Fri, Dec 20, 2013 at 1:57 AM, Andrei Mikhailovsky <and...@arhont.com > <mailto:and...@arhont.com>>wrote: > > > > Francesco, > > I believe you need to add a firewall rule to allow ingress ICMP traffic. > Once allowed you should be able to ping it. > > Andrei > > ----- Original Message ----- > > From: "Francesco Maria Magnini" <fmm1...@gmail.com<mailto: > fmm1...@gmail.com>> > To: users@cloudstack.apache.org<mailto:users@cloudstack.apache.org> > Sent: Thursday, 19 December, 2013 11:23:37 PM > Subject: Re: [Advanced Zone] Isolated Source NAT issue (NAT not working) > > Hi Geoff, > > I've added a "permit all" egress rule (source 0.0.0.0/0 ALL) and now guest > VMs can connect to Internet. > Is it normal that the Virtual Router is still not reachable through the > public network? > I cannot ping its public IP address (other 2 public SSVM are pingables). > > Regards > > > On Thu, Dec 19, 2013 at 7:12 PM, Geoff Higginbottom < > geoff.higginbot...@shapeblue.com<mailto:geoff.higginbot...@shapeblue.com>> > wrote: > > Francesco, > > Have you enabled egress rules to allow outbound traffic for guest VMs > > If you are trying to ping the public IP of the VR it will not respond due > to security settings, however the SSVM and CPVM do respond. > > Regards > > Geoff Higginbottom > CTO / Cloud Architect > > D: +44 20 3603 0542<tel:+442036030542> | S: +44 20 3603 0540<tel: > +442036030540>| M: +447968161581<tel:+447968161581> > > geoff.higginbot...@shapeblue.com<mailto:geoff.higginbot...@shapeblue.com > ><mailto:geoff.higginbot...@shapeblue.com > > |www.shapeblue.com<http://www.shapeblue.com><htp://www.shapeblue.com/> | > Twitter:@shapeblue< > https://twitter.com/#!/shapeblue> > > ShapeBlue Ltd, 53 Chandos Place, Covent Garden, London, WC2N > 4HS<x-apple-data-detectors://5> > > > On 19 Dec 2013, at 18:04, "Francesco Maria Magnini" <fmm1...@gmail.com > <mailto:fmm1...@gmail.com> > <mailto:fmm1...@gmail.com>> wrote: > > Hi guys, > > I cannot ping internet from VMs. > Pinging from Virtual Router is ok. > > In addition, SSVM are reachable from outside (storage/proxy ssvm) through > addresses configured in public network range, Virtual router is not > reachable (but can ping internet). > > Any idea? > > > -- > "I videogiochi non influenzano i bambini. > Voglio dire, se pac-man avesse influenzato la nostra generazione, > staremmo tutti saltando in sale scure, > masticando pillole magiche e ascoltando musica elettronica > ripetitiva..." > > (Kristian Wilson, Nintendo Inc, 1989) > This email and any attachments to it may be confidential and are intended > solely for the use of the individual to whom it is addressed. Any views > or > opinions expressed are solely those of the author and do not necessarily > represent those of Shape Blue Ltd or related companies. If you are not > the > intended recipient of this email, you must neither take any action based > upon its contents, nor copy or show it to anyone. Please contact the > sender > if you believe you have received this email in error. Shape Blue Ltd is a > company incorporated in England & Wales. ShapeBlue Services India LLP is > a > company incorporated in India and is operated under license from Shape > Blue > Ltd. Shape Blue Brasil Consultoria Ltda is a company incorporated in > Brasil > and is operated under license from Shape Blue Ltd. ShapeBlue is a > registered trademark. > > > > > -- > "I videogiochi non influenzano i bambini. > Voglio dire, se pac-man avesse influenzato la nostra generazione, > staremmo tutti saltando in sale scure, > masticando pillole magiche e ascoltando musica elettronica > ripetitiva..." > > (Kristian Wilson, Nintendo Inc, 1989) > > > > > -- > "I videogiochi non influenzano i bambini. > Voglio dire, se pac-man avesse influenzato la nostra generazione, > staremmo tutti saltando in sale scure, > masticando pillole magiche e ascoltando musica elettronica > ripetitiva..." > > (Kristian Wilson, Nintendo Inc, 1989) > This email and any attachments to it may be confidential and are intended > solely for the use of the individual to whom it is addressed. Any views or > opinions expressed are solely those of the author and do not necessarily > represent those of Shape Blue Ltd or related companies. If you are not the > intended recipient of this email, you must neither take any action based > upon its contents, nor copy or show it to anyone. Please contact the sender > if you believe you have received this email in error. Shape Blue Ltd is a > company incorporated in England & Wales. ShapeBlue Services India LLP is a > company incorporated in India and is operated under license from Shape Blue > Ltd. Shape Blue Brasil Consultoria Ltda is a company incorporated in Brasil > and is operated under license from Shape Blue Ltd. ShapeBlue is a > registered trademark. > -- “I videogiochi non influenzano i bambini. Voglio dire, se pac-man avesse influenzato la nostra generazione, staremmo tutti saltando in sale scure, masticando pillole magiche e ascoltando musica elettronica ripetitiva...” (Kristian Wilson, Nintendo Inc, 1989)
