yeah sure.. because i had the same problem and it was resolved by changing
these settings in sysctl file

On Thu, Sep 22, 2016 at 12:38 PM, Jeroen Keerl <jeroen.ke...@keerl-it.com>
wrote:

> Hi Vivek,
> I'll check the sysctl settings again tonight, but I am quite sure I set
> those correctly.Everything else was done "by the book".
> CheersJK
>
>
> Von meinem Samsung Galaxy Smartphone gesendet.<div>
> </div><div>
> </div><!-- originalMessage --><div>-------- Ursprüngliche Nachricht
> --------</div><div>Von: Vivek Kumar <vivek.ku...@indiqus.com>
> </div><div>Datum: 22.09.2016  08:14  (GMT+01:00) </div><div>An:
> users@cloudstack.apache.org, jeroen.ke...@keerl-it.com
> </div><div>Betreff: Re: SecurityGroup - not working? </div><div>
> </div>Hello Jeroen,
>
> when you setup basic Zone in Cloudstack with Xenserver you need to change
> few things in your Xenserver.
>
> 1- *xe-switch-network-backend bridge* ( I hope u have already done this ).
> 2- And you also need to do some  changes  in sysctl conf file for security
> groups.
>
> do below changes in /etc/sysctl.conf on xenserver
>
> net.bridge.bridge-nf-call-iptables = 1
> net.bridge.bridge-nf-call-ip6tables = 0
> net.bridge.bridge-nf-call-arptables = 1
>
> and run this command
>
> # sysctl -p /etc/sysctl.conf
>
> I hope this will work.
>
> *Vivek Kumar*
> Virtualization and Cloud Consultant
>
> [image: http://www.indiqus.com/images/logo.jpg]  <http://www.indiqus.com/>
> *I*ndi*Q*us Technologies Pvt Ltd
> A-98, LGF, C.R.Park, New Delhi - 110019
> *O* +91 11 4055 1411 | *M* +91 7503460090
> www.indiqus.com  <http://www.indiqus.com/>
>
>
>
> On Thu, Sep 22, 2016 at 1:43 AM, Jeroen Keerl <jeroen.ke...@keerl-it.com>
> wrote:
>
> > Hi,
> >
> > I had a few things configured on ACS – Basic Zone – Security Groups.
> > Setup: 2 Citrix 6.5 hosts, Mgmt server under CentOS 6.8.
> > Basic Networking, VMs created from template, also CentOS 6.8
> >
> > At first (default, first VM test) I could not log in using SSH.
> > Then I created the appropriate ingress rule and all was ok.
> > Same with ICMP (Ping) for 0.0.0.0/0
> > Now I wanted to test a few things in my test environment and removed
> these
> > rules, actually expecting that neither SSH nor ping would go through
> > anymore.
> >
> > Unfortunately they do, so apparently rules once set are not revoked upon
> > deletion.
> > I would expect nothing to come through, if no ingress rules are set, no
> > matter what iptables on the VM itself does.
> >
> > Tests:
> > - Delete all ingress rules (ping, SSH and webmin (TCP 10000))
> > - Disable iptables on VM
> > ⇨ Ping, ssh went through, Webmin didn’t.
> > - Enable iptables on VM
> > ⇨ Ping and ssh went through
> > - Insert ingress rule for webmin, iptables still enables
> > ⇨ Webmin times out (expected behaviour)
> > - Disable iptables
> > ⇨ Webmin works
> >
> > In the documentation you are pointed towards the “The procedure is
> > described in Basic Zone Configuration in the Advanced Installation
> Guide.”
> > (Managing Networks and Traffic – Enabling Security Groups)
> > Searched for it on the Apache Site: Not found.
> > Google gave me the “Advanced Installation Guide” from Citrix, Version
> > 3.*.* … in which you are directed to the administration guide.
> > Not really helpful!
> >
> > Does anybody know about this / experienced something like this before?
> >
> >
> >
> > *Jeroen Keerl*
> >
> >
> > *Keerl IT Services GmbH*Birkenstraße 1b . 21521 Aumühle
> >
> > +49 177 6320 317
> >
> > www.keerl-it.com
> > i...@keerl-it.com
> >
> > Geschäftsführer. Jacobus J. Keerl
> > Registergericht Lubeck. HRB-Nr. 14511
> >
> > Unsere Allgemeine Geschäftsbedingungen finden Sie hier.
> > <http://www.keerl-it.com/AGB.pdf>
> >
> >
> >
>
>
> --
>
> *Vivek Kumar*
> Virtualization and Cloud Consultant
>
> [image: http://www.indiqus.com/images/logo.jpg]  <http://www.indiqus.com/>
> *I*ndi*Q*us Technologies Pvt Ltd
> A-98, LGF, C.R.Park, New Delhi - 110019
> *O* +91 11 4055 1411 | *M* +91 7503460090
> www.indiqus.com  <http://www.indiqus.com/>
>
>
>
>
>
> Jeroen Keerl
>
>
> Keerl IT Services GmbH
> Birkenstraße 1b . 21521 Aumühle
>
> +49 177 6320 317
>
> www.keerl-it.com
> i...@keerl-it.com
>
> Geschäftsführer. Jacobus J. Keerl
> Registergericht Lubeck. HRB-Nr. 14511
>
> Unsere Allgemeine Geschäftsbedingungen finden Sie hier.
>
>
>


-- 

*Vivek Kumar*
Virtualization and Cloud Consultant

[image: http://www.indiqus.com/images/logo.jpg]  <http://www.indiqus.com/>
*I*ndi*Q*us Technologies Pvt Ltd
A-98, LGF, C.R.Park, New Delhi - 110019
*O* +91 11 4055 1411 | *M* +91 7503460090
www.indiqus.com  <http://www.indiqus.com/>

Reply via email to