Hello Jeroen,

When you set up a Basic Zone in CloudStack with XenServer, you need to change a
few things on your XenServer.

1- *xe-switch-network-backend bridge* (I hope you have already done this).
2- You also need to make some changes in the sysctl conf file for security
groups.

Make the changes below in /etc/sysctl.conf on the XenServer:

net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-arptables = 1

and run this command

# sysctl -p /etc/sysctl.conf

I hope this will work.

*Vivek Kumar*
Virtualization and Cloud Consultant

*I*ndi*Q*us Technologies Pvt Ltd
A-98, LGF, C.R.Park, New Delhi - 110019
*O* +91 11 4055 1411 | *M* +91 7503460090
www.indiqus.com  <http://www.indiqus.com/>



On Thu, Sep 22, 2016 at 1:43 AM, Jeroen Keerl <jeroen.ke...@keerl-it.com>
wrote:

> Hi,
>
> I had a few things configured on ACS – Basic Zone – Security Groups.
> Setup: 2 Citrix 6.5 hosts, Mgmt server under CentOS 6.8.
> Basic Networking, VMs created from template, also CentOS 6.8
>
> At first (default, first VM test) I could not log in using SSH.
> Then I created the appropriate ingress rule and all was ok.
> Same with ICMP (Ping) for 0.0.0.0/0
> Now I wanted to test a few things in my test environment and removed these
> rules, actually expecting that neither SSH nor ping would go through
> anymore.
>
> Unfortunately they do, so apparently rules once set are not revoked upon
> deletion.
> I would expect nothing to come through, if no ingress rules are set, no
> matter what iptables on the VM itself does.
>
> Tests:
> - Delete all ingress rules (ping, SSH and webmin (TCP 10000))
> - Disable iptables on VM
> ⇨ Ping, ssh went through, Webmin didn’t.
> - Enable iptables on VM
> ⇨ Ping and ssh went through
> - Insert ingress rule for webmin, iptables still enabled
> ⇨ Webmin times out (expected behaviour)
> - Disable iptables
> ⇨ Webmin works
>
> In the documentation you are pointed towards “The procedure is
> described in Basic Zone Configuration in the Advanced Installation Guide.”
> (Managing Networks and Traffic – Enabling Security Groups)
> Searched for it on the Apache Site: Not found.
> Google gave me the “Advanced Installation Guide” from Citrix, Version
> 3.*.* … in which you are directed to the administration guide.
> Not really helpful!
>
> Does anybody know about this / experienced something like this before?
>
>
>
> *Jeroen Keerl*
>
>
> *Keerl IT Services GmbH*Birkenstraße 1b . 21521 Aumühle
>
> +49 177 6320 317
>
> www.keerl-it.com
> i...@keerl-it.com
>
> Managing Director: Jacobus J. Keerl
> Register court: Lubeck. HRB No. 14511
>
> Our General Terms and Conditions can be found here.
> <http://www.keerl-it.com/AGB.pdf>
>
>
>


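A check for the three sysctl settings given in the reply above, as an added example that is not part of the original thread: it compares each key both in the persisted file and in the running kernel, since a value that is only on disk has no effect until `sysctl -p` is run. The function names and the optional PROCROOT argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the thread. Expected values are those in the reply.
EXPECTED='net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=0
net.bridge.bridge-nf-call-arptables=1'

# conf_value FILE KEY: print the last uncommented value assigned to KEY.
conf_value() {
    awk -F= -v key="$2" '
        /^[ \t]*[#;]/ { next }
        { k = $1; v = $2
          gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v)
          if (k == key) val = v }
        END { print val }' "$1"
}

# live_value PROCROOT KEY: print the running value, read from
# PROCROOT/net/bridge/<name>. Prints nothing when the file is absent
# (bridge netfilter not loaded, or the host is not on the bridge backend).
live_value() {
    path="$1/$(printf '%s' "$2" | tr . /)"
    if [ -r "$path" ]; then cat "$path"; fi
}

# check_bridge_nf CONF [PROCROOT]: print one line per mismatch and return 0
# only when every key is correct both on disk and in the running kernel.
# PROCROOT defaults to /proc/sys; it is a parameter so the check can be
# exercised against a constructed directory tree.
check_bridge_nf() {
    conf="$1"; procroot="${2:-/proc/sys}"; bad=0
    for pair in $EXPECTED; do
        key="${pair%%=*}"; want="${pair#*=}"
        have="$(conf_value "$conf" "$key")"
        run="$(live_value "$procroot" "$key")"
        if [ "$have" != "$want" ]; then
            echo "persisted $key: want $want, found '${have:-unset}'"; bad=1
        fi
        if [ "$run" != "$want" ]; then
            echo "running $key: want $want, found '${run:-unset}'"; bad=1
        fi
    done
    return "$bad"
}
```

On a host, source the file and run `check_bridge_nf /etc/sysctl.conf`; a key reported only as "running" means the file is right but has not been loaded yet.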
