Hi,

I had a few things configured on ACS – Basic Zone – Security Groups.
Setup: 2 Citrix 6.5 hosts, Mgmt server under CentOS 6.8.
Basic Networking, VMs created from template, also CentOS 6.8

At first (default, first VM test) I could not log in using SSH.
Then I created the appropriate ingress rule and all was ok.
Same with ICMP (Ping) for 0.0.0.0/0
Now I wanted to test a few things in my test environment and removed these 
rules, actually expecting that neither SSH nor ping would go through anymore.

Unfortunately they do, so apparently rules once set are not revoked upon 
deletion.
I would expect nothing to come through, if no ingress rules are set, no matter 
what iptables on the VM itself does.

Tests:
- Delete all ingress rules (ping, SSH and webmin (TCP 10000))
- Disable iptables on VM
⇨ Ping, ssh went through, Webmin didn’t.
- Enable iptables on VM
⇨ Ping and ssh went through
- Insert ingress rule for webmin, iptables still enabled
⇨ Webmin times out (expected behaviour)
- Disable iptables
⇨ Webmin works

In the documentation you are pointed towards “The procedure is described in 
Basic Zone Configuration in the Advanced Installation Guide.”
(Managing Networks and Traffic – Enabling Security Groups)
Searched for it on the Apache Site: Not found.
Google gave me the “Advanced Installation Guide” from Citrix, Version 3.*.* … 
in which you are directed to the administration guide.
Not really helpful!

Does anybody know about this / experienced something like this before?





Jeroen Keerl


Keerl IT Services GmbH
Birkenstraße 1b . 21521 Aumühle

+49 177 6320 317

www.keerl-it.com
i...@keerl-it.com

Managing Director: Jacobus J. Keerl
Register court: Lubeck, HRB No. 14511

You can find our General Terms and Conditions here.

