Hello guys, 

Having a bit of an issue with clean installs of ACS 4.2.1. The same issue is 
present on ACS 4.3. Both of the system VMs are created and shown as Running. 
When I login either to ssvm or cpvm I am able to ping internal and external DNS 
servers, as well as I can ping public hosts like 8.8.8.8, etc. I am able to 
access public IPs on ports 80 or 443 and that's pretty much it. I am unable to 
resolve anything or access any other ports. This applies to the management and 
public networks. 

I had a quick investigation and it seems that the XenServer iptables rules are 
not properly set up. The default iptables policy that I have is: 

# iptables -L -nv 
Chain INPUT (policy ACCEPT 0 packets, 0 bytes) 
pkts bytes target prot opt in out source destination 
6880K 9595M RH-Firewall-1-INPUT all -- * * 0.0.0.0/0 0.0.0.0/0 

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) 
pkts bytes target prot opt in out source destination 
40776 25M RH-Firewall-1-INPUT all -- * * 0.0.0.0/0 0.0.0.0/0 

Chain OUTPUT (policy ACCEPT 6152K packets, 15G bytes) 
pkts bytes target prot opt in out source destination 

Chain RH-Firewall-1-INPUT (2 references) 
pkts bytes target prot opt in out source destination 
2355K 5758M ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0 
349K 21M ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 255 
0 0 ACCEPT esp -- * * 0.0.0.0/0 0.0.0.0/0 
0 0 ACCEPT ah -- * * 0.0.0.0/0 0.0.0.0/0 
3 261 ACCEPT udp -- * * 0.0.0.0/0 224.0.0.251 udp dpt:5353 
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:631 
3 180 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:631 
0 0 ACCEPT udp -- xenapi * 0.0.0.0/0 0.0.0.0/0 udp dpt:67 
4164K 3815M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:694 
19 1092 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22 
13 732 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80 
10542 632K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:443 
42147 26M REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited 


In order for my system vms to resolve anything I have to manually add the 
following lines on the hypervisor: 

iptables -I RH-Firewall-1-INPUT -p udp --dport 53 -j ACCEPT 
iptables -I RH-Firewall-1-INPUT -p tcp --dport 53 -j ACCEPT 

Has anyone seen this behaviour from a clean install? Did I miss an important 
step during the hypervisor install? 

My networking is Advanced + XenServer 6.2 with latest updates. I have the 
following network setup: 

NIC0 - Network Name in XenCenter - Management. ACS traffic label for the 
Management network is Management 

NIC1 - Network name in XenCenter - CloudStack - ACS traffic labels for Public 
and Guest networks is CloudStack 

Cheers 

Andrei 
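The listing above shows why the system VMs can reach ports 80 and 443 but not DNS: on this dom0 the FORWARD chain jumps into the same RH-Firewall-1-INPUT chain as INPUT, so bridged guest traffic is filtered by the host's own rule set, and the only NEW connections it lets through are 22, 80 and 443 before the final REJECT. The script below is an added example, not code from Andrei's post or from CloudStack or XenServer. It parses a saved `iptables -L -nv` listing (a constructed, abridged sample in the shape of the post's output), finds the chain FORWARD jumps to, reports whether udp and tcp dpt:53 ACCEPT rules sit above the first REJECT/DROP, and emulates what the two `iptables -I` commands from the post do (insert at position 1, so the rules land above the REJECT). The function names and the sample listing are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original post): check an `iptables -L -nv`
# listing for the DNS ACCEPT rules the post adds, and show where `-I` puts them.
# Constructed sample listing, abridged from the shape of the post's output.
SAMPLE_BEFORE='Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
40776   25M RH-Firewall-1-INPUT  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain RH-Firewall-1-INPUT (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     udp  --  xenapi *       0.0.0.0/0            0.0.0.0/0            udp dpt:67
   19  1092 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:22
42147   26M REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited'

# forward_target LISTING -> prints the chain that FORWARD jumps to for "all" traffic
forward_target() {
    printf '%s\n' "$1" | awk '
        /^Chain / { inchain = ($2 == "FORWARD"); next }
        inchain && NF >= 4 && $1 != "pkts" && $4 == "all" { print $3; exit }'
}

# dns_rules_ok LISTING CHAIN -> exit 0 when CHAIN accepts both udp and tcp dpt:53
# before its first REJECT/DROP rule (rules below the REJECT never match), else 1
dns_rules_ok() {
    printf '%s\n' "$1" | awk -v chain="$2" '
        /^Chain / { inchain = ($2 == chain); next }
        !inchain || NF == 0 || $1 == "pkts" { next }
        $3 == "REJECT" || $3 == "DROP" { exit }
        $3 == "ACCEPT" {
            for (i = 10; i <= NF; i++)
                if ($i == "dpt:53") { if ($4 == "udp") u = 1; if ($4 == "tcp") t = 1 }
        }
        END { exit !(u && t) }'
}

# insert_dns_accept LISTING CHAIN -> prints LISTING with the two ACCEPT rules from
# the post inserted at the top of CHAIN, which is what `iptables -I CHAIN ...` does
insert_dns_accept() {
    printf '%s\n' "$1" | awk -v chain="$2" '
        { print }
        /^Chain / && $2 == chain { want = 1; next }
        want && $1 == "pkts" {
            print "    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:53"
            print "    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:53"
            want = 0
        }'
}

# Stand-alone run: every call is guarded so the script also works under `set -e`.
chain=$(forward_target "$SAMPLE_BEFORE")
echo "FORWARD jumps to: $chain"
if dns_rules_ok "$SAMPLE_BEFORE" "$chain"; then
    echo "before: DNS from guests is accepted"
else
    echo "before: DNS from guests hits the REJECT rule"
fi
AFTER=$(insert_dns_accept "$SAMPLE_BEFORE" "$chain")
if dns_rules_ok "$AFTER" "$chain"; then
    echo "after -I: DNS from guests is accepted"
fi
```

On a real host, replace the constructed sample with `iptables -L -nv` output (for example `dns_rules_ok "$(iptables -L -nv)" "$(forward_target "$(iptables -L -nv)")"`). Two things worth checking once the fix is in: the rules from the post accept port 53 from any source on any interface, so restricting them to the guest-facing bridge or subnet keeps dom0's own exposure unchanged, and rules added with `iptables -I` live only in the running kernel, so on the CentOS-derived dom0 they need `service iptables save` (or an equivalent) to survive a reboot.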