Hello Jeroen,

When you set up a Basic Zone in CloudStack with XenServer, you need to change a few things in your XenServer.
1- *xe-switch-network-backend bridge* (I hope you have already done this).

2- You also need to make some changes in the sysctl conf file for security groups. Make the changes below in /etc/sysctl.conf on the XenServer:

net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-arptables = 1

and run this command:

# sysctl -p /etc/sysctl.conf

I hope this will work.

*Vivek Kumar*
Virtualization and Cloud Consultant
*I*ndi*Q*us Technologies Pvt Ltd
A-98, LGF, C.R.Park,
New Delhi - 110019
*O* +91 11 4055 1411 | *M* +91 7503460090
www.indiqus.com <http://www.indiqus.com/>

On Thu, Sep 22, 2016 at 1:43 AM, Jeroen Keerl <jeroen.ke...@keerl-it.com> wrote:

> Hi,
>
> I had a few things configured on ACS – Basic Zone – Security Groups.
> Setup: 2 Citrix 6.5 hosts, Mgmt server under CentOS 6.8.
> Basic Networking, VMs created from template, also CentOS 6.8
>
> At first (default, first VM test) I could not log in using SSH.
> Then I created the appropriate ingress rule and all was ok.
> Same with ICMP (Ping) for 0.0.0.0/0
> Now I wanted to test a few things in my test environment and removed these
> rules, actually expecting that neither SSH nor ping would go through
> anymore.
>
> Unfortunately they do, so apparently rules once set are not revoked upon
> deletion.
> I would expect nothing to come through, if no ingress rules are set, no
> matter what iptables on the VM itself does.
>
> Tests:
> - Delete all ingress rules (ping, SSH and webmin (TCP 10000))
> - Disable iptables on VM
> ⇨ Ping, ssh went through, Webmin didn’t.
> - Enable iptables on VM
> ⇨ Ping and ssh went through
> - Insert ingress rule for webmin, iptables still enabled
> ⇨ Webmin times out (expected behaviour)
> - Disable iptables
> ⇨ Webmin works
>
> In the documentation you are pointed towards the “The procedure is
> described in Basic Zone Configuration in the Advanced Installation Guide.”
> (Managing Networks and Traffic – Enabling Security Groups)
> Searched for it on the Apache Site: Not found.
> Google gave me the “Advanced Installation Guide” from Citrix, Version
> 3.*.* … in which you are directed to the administration guide.
> Not really helpful!
>
> Does anybody know about this / experienced something like this before?
>
> *Jeroen Keerl*
>
> *Keerl IT Services GmbH*
> Birkenstraße 1b . 21521 Aumühle
>
> +49 177 6320 317
>
> www.keerl-it.com
> i...@keerl-it.com
>
> Managing Director: Jacobus J. Keerl
> Register court: Lubeck. HRB no. 14511
>
> Our general terms and conditions can be found here.
> <http://www.keerl-it.com/AGB.pdf>
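
Added example, not part of the original thread and not CloudStack or XenServer code: a shell check that a sysctl.conf-style file ends up with the three bridge values given in the reply, so that bridged VM traffic is handed to the host's iptables where security group rules are applied. The function names and the sample file contents are constructed for illustration, and the check reads the file only, not the running kernel.

```shell
# Added example (function names are hypothetical). Required values are the
# three settings quoted in the reply above.
REQUIRED="net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=0
net.bridge.bridge-nf-call-arptables=1"

# Print the effective value of key $2 in file $1. The last assignment wins,
# as when `sysctl -p` applies the file top to bottom.
effective_value() {
    awk -v want="$2" '
        /^[ \t]*[#;]/ { next }                 # comment line
        {
            eq = index($0, "="); if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)     # trim key
            gsub(/^[ \t]+|[ \t]+$/, "", v)     # trim value
            if (k == want) val = v
        }
        END { if (val != "") print val }' "$1"
}

# Report each required key as OK, WRONG or MISSING; return 1 on any problem.
check_bridge_sysctl() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    rc=0
    for pair in $REQUIRED; do
        key=${pair%%=*}; want=${pair#*=}
        got=$(effective_value "$1" "$key")
        if [ -z "$got" ]; then
            echo "MISSING $key (want $want)"; rc=1
        elif [ "$got" != "$want" ]; then
            echo "WRONG   $key = $got (want $want)"; rc=1
        else
            echo "OK      $key = $got"
        fi
    done
    return $rc
}

# Constructed sample: a later line resets the iptables hook to 0 and the
# arptables key is absent, so the check must fail.
demo() {
    f=$(mktemp)
    printf '%s\n' '# constructed sample, not from a real host' \
        'net.bridge.bridge-nf-call-iptables = 1' \
        'net.bridge.bridge-nf-call-ip6tables = 0' \
        'net.bridge.bridge-nf-call-iptables=0' > "$f"
    check_bridge_sysctl "$f"; rc=$?; rm -f "$f"; return $rc
}
```

On the host, `check_bridge_sysctl /etc/sysctl.conf` audits the file; `sysctl -n net.bridge.bridge-nf-call-iptables` shows the value the kernel is currently using.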