Yeah, sure, because I had the same problem and it was resolved by changing these settings in the sysctl file.

On Thu, Sep 22, 2016 at 12:38 PM, Jeroen Keerl <[email protected]> wrote:

> Hi Vivek,
>
> I'll check the sysctl settings again tonight, but I am quite sure I set
> those correctly. Everything else was done "by the book".
>
> Cheers
> JK
>
> -------- Original message --------
> From: Vivek Kumar <[email protected]>
> Date: 22.09.2016 08:14 (GMT+01:00)
> To: [email protected], [email protected]
> Subject: Re: SecurityGroup - not working?
>
> Hello Jeroen,
>
> When you set up a Basic Zone in CloudStack with XenServer, you need to
> change a few things on your XenServer.
>
> 1- *xe-switch-network-backend bridge* (I hope you have already done this).
> 2- And you also need to make some changes in the sysctl conf file for
> security groups.
>
> Make the changes below in /etc/sysctl.conf on the XenServer:
>
> net.bridge.bridge-nf-call-iptables = 1
> net.bridge.bridge-nf-call-ip6tables = 0
> net.bridge.bridge-nf-call-arptables = 1
>
> and run this command:
>
> # sysctl -p /etc/sysctl.conf
>
> I hope this will work.
>
> *Vivek Kumar*
> Virtualization and Cloud Consultant
>
> IndiQus Technologies Pvt Ltd
> A-98, LGF, C.R.Park, New Delhi - 110019
> *O* +91 11 4055 1411 | *M* +91 7503460090
> www.indiqus.com <http://www.indiqus.com/>
>
> On Thu, Sep 22, 2016 at 1:43 AM, Jeroen Keerl <[email protected]>
> wrote:
>
> > Hi,
> >
> > I had a few things configured on ACS – Basic Zone – Security Groups.
> > Setup: 2 Citrix 6.5 hosts, Mgmt server under CentOS 6.8.
> > Basic Networking, VMs created from template, also CentOS 6.8
> >
> > At first (default, first VM test) I could not log in using SSH.
> > Then I created the appropriate ingress rule and all was ok.
> > Same with ICMP (Ping) for 0.0.0.0/0
> > Now I wanted to test a few things in my test environment and removed
> > these rules, actually expecting that neither SSH nor ping would go
> > through anymore.
> >
> > Unfortunately they do, so apparently rules once set are not revoked upon
> > deletion.
> > I would expect nothing to come through, if no ingress rules are set, no
> > matter what iptables on the VM itself does.
> >
> > Tests:
> > - Delete all ingress rules (ping, SSH and webmin (TCP 10000))
> > - Disable iptables on VM
> >   ⇨ Ping, ssh went through, Webmin didn’t.
> > - Enable iptables on VM
> >   ⇨ Ping and ssh went through
> > - Insert ingress rule for webmin, iptables still enabled
> >   ⇨ Webmin times out (expected behaviour)
> > - Disable iptables
> >   ⇨ Webmin works
> >
> > In the documentation you are pointed towards the “The procedure is
> > described in Basic Zone Configuration in the Advanced Installation
> > Guide.” (Managing Networks and Traffic – Enabling Security Groups)
> > Searched for it on the Apache Site: Not found.
> > Google gave me the “Advanced Installation Guide” from Citrix, Version
> > 3.*.* … in which you are directed to the administration guide.
> > Not really helpful!
> >
> > Does anybody know about this / experienced something like this before?
> >
> > *Jeroen Keerl*
> >
> > *Keerl IT Services GmbH*
> > Birkenstraße 1b . 21521 Aumühle
> >
> > +49 177 6320 317
> >
> > www.keerl-it.com
> > [email protected]
> >
> > Managing Director: Jacobus J. Keerl
> > Register court: Lubeck. HRB no. 14511
> >
> > Our general terms and conditions can be found here:
> > <http://www.keerl-it.com/AGB.pdf>

--
*Vivek Kumar*
Virtualization and Cloud Consultant
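
An added example, not part of any message in this thread: a shell function that audits a sysctl.conf-style file for the three bridge-netfilter values listed in the quoted reply. The function name `check_bridge_nf` and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a sysctl.conf-style file for the three bridge-netfilter
# values quoted in the thread. check_bridge_nf is a name made up for this sketch.

# Usage: check_bridge_nf FILE
# Prints one OK/FAIL line per key; returns 0 only if all three match.
check_bridge_nf() {
    conf=$1
    rc=0
    for want in \
        "net.bridge.bridge-nf-call-iptables=1" \
        "net.bridge.bridge-nf-call-ip6tables=0" \
        "net.bridge.bridge-nf-call-arptables=1"
    do
        key=${want%%=*}
        expected=${want#*=}
        # Skip comment lines; the last live assignment wins, because
        # sysctl -p applies the file from top to bottom.
        actual=$(awk -F= -v k="$key" '
            /^[ \t]*[#;]/ { next }
            {
                name = $1; gsub(/[ \t]/, "", name)
                if (name == k) { val = $2; gsub(/[ \t]/, "", val); found = 1 }
            }
            END { if (found) print val; else print "unset" }' "$conf")
        if [ "$actual" = "$expected" ]; then
            echo "OK   $key = $actual"
        else
            echo "FAIL $key = $actual (expected $expected)"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample input (not from the thread): first key commented out,
# second correct, third set to the wrong value.
demo=$(mktemp)
cat > "$demo" <<'EOF'
# net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-arptables = 0
EOF

check_bridge_nf "$demo" || echo "sample file differs from the values in the thread"
```

This only inspects the file; to see what the running kernel uses, compare against `sysctl -n <key>` on the host.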
