Bingo! When I turn off the firewall of the "host" carrying the VM, I can ping and ssh into the VM. It means I will have to add some rules to the iptables but I don't know exactly what those rules would look like. Can you please help me
________________________________ From: Muhammad Adeel Zahid Sent: Friday, April 7, 2017 1:18:06 AM To: users@cloudstack.apache.org Subject: Re: Accessing Virtual Instances from other systems on the same subnet One more thing. The default template just downloaded. But the same result. I can ping my instance VM's from the "host" they are running on but not from any other machine. I will repeat the steps you told and will get back to you. ________________________________ From: Rafael Weingärtner <rafaelweingart...@gmail.com> Sent: Friday, April 7, 2017 1:08:47 AM To: users@cloudstack.apache.org Subject: Re: Accessing Virtual Instances from other systems on the same subnet Well, if that is the case, I would do the following while pinging from the outside world: - tcpdump inside these problematic VMs to check if they can see ping packets; - If they cannot, I would check iptables rules (iptables -L) on both VMs and hosts; - Then, I would check the tcpdump also on a host where the VMs are running to see if the packets are at least getting into the host. - I would also check the arp table of your client PC (just in case) On Thu, Apr 6, 2017 at 4:02 PM, Muhammad Adeel Zahid <16030...@lums.edu.pk> wrote: > I tried it both way. I ran VMs on the same systems and I also ran VMs on a > system different than system VMs but the result is same. > > ________________________________ > From: Rafael Weingärtner <rafaelweingart...@gmail.com> > Sent: Friday, April 7, 2017 12:58:33 AM > To: users@cloudstack.apache.org > Subject: Re: Accessing Virtual Instances from other systems on the same > subnet > > Are these users VMs running on the same server as the system vms? > > On Thu, Apr 6, 2017 at 3:54 PM, Muhammad Adeel Zahid <16030...@lums.edu.pk > > > wrote: > > > ah, my bad, I meant one server running both cloudstack-management and kvm > > and another server running kvm alone. Both are physical machines. > > > > ________________________________ > > From: Rafael Weingärtner <rafaelweingart...@gmail.com> > > Sent: Friday, April 7, 2017 12:51:42 AM > > To: users@cloudstack.apache.org > > Subject: Re: Accessing Virtual Instances from other systems on the same > > subnet > > > > I did not understand what you mean by "a server running management studio > > and KVM" > > > > On Thu, Apr 6, 2017 at 3:48 PM, Muhammad Adeel Zahid < > 16030...@lums.edu.pk > > > > > wrote: > > > > > Yes, I added the basic zone. I have one server running the management > > > studio and KVM both and another machine running kvm alone. > > > > > > ________________________________ > > > From: Rafael Weingärtner <rafaelweingart...@gmail.com> > > > Sent: Friday, April 7, 2017 12:23:50 AM > > > To: users@cloudstack.apache.org > > > Subject: Re: Accessing Virtual Instances from other systems on the same > > > subnet > > > > > > Hmm, it should not be a problem just because you are using a ISO based > > VM. > > > Have you tried to instantiate the VM using the CentOS template that > comes > > > with ACS? > > > These KVM servers you are using, are they real servers or VMs? > > > > > > If you followed ( > > > http://docs.cloudstack.apache.org/projects/cloudstack- > > > installation/en/4.9/qig.html), > > > then you have deployed a basic zone. > > > > > > On Thu, Apr 6, 2017 at 3:16 PM, Muhammad Adeel Zahid < > > 16030...@lums.edu.pk > > > > > > > wrote: > > > > > > > Hi Rafael, > > > > > > > > > > > > Thanks for reaching out. I am not sure about traffic labeling and > rest > > of > > > > the stuff. I have just setup the basic installation using this > tutorial > > > > http://docs.cloudstack.apache.org/projects/cloudstack- > > > > installation/en/4.9/qig.html and haven't explicitly set anything that > > is > > > > not in the tutorial. About the IP addresses of VM's. Yes, they seem > to > > > have > > > > a single IP (ifconfig). Please note that I am creating VM's from > cenots > > > 6.8 > > > > minimal ISO image that I intend to use later as template. Does that > > > create > > > > the problem? > > > > > > > > > > > > Adeel > > > > > > > > > > > > ________________________________ > > > > From: Rafael Weingärtner <rafaelweingart...@gmail.com> > > > > Sent: Friday, April 7, 2017 12:05:15 AM > > > > To: users@cloudstack.apache.org > > > > Subject: Re: Accessing Virtual Instances from other systems on the > same > > > > subnet > > > > > > > > I asked a clarification because anything is a VM/instance (system and > > > > users), I wanted to know if the VMs without access were either a > system > > > VM > > > > (VR, SSVM, CVM or others) or a user VM. > > > > Well, what is your setup? Are you using basic network where the > public > > IP > > > > is assigned directly to users VMs? > > > > > > > > I asked you about the traffic label you are using for the public > > network. > > > > System VMs get IPs on management and public networks. The SSVM has > also > > > an > > > > IP on storage network. So, it seems that everything is fine with your > > > > public networks, not so sure about the rest.VMs get an IP on Guest > > > network. > > > > The basic zone setup you will set the Guest IP as the public network > > > (with > > > > external access). Do these VMs have only a single IP? > > > > > > > > On Thu, Apr 6, 2017 at 2:57 PM, Muhammad Adeel Zahid < > > > 16030...@lums.edu.pk > > > > > > > > > wrote: > > > > > > > > > Specifically, by instances I mean the following > > > > > > > > > > > > > > > > > > > > I think, you people call it instance VM's or just VM's. You can > see > > > that > > > > > my instance VM's has addressed 10.0.0.124 & 10.0.0.141 > respectively. > > I > > > > can > > > > > access or ping them from the host they are running on but I cannot > > > access > > > > > or ping them from any other machine on the same network i.e > > > 10.0.0.0/24. > > > > > > > > > > On the other hand there are system VMs like Primary storage and > > > secondary > > > > > storage VM's as shown in figure below. > > > > > > > > > > > > > > > > > > > > I can access or ping these VM's using their public IP address from > > any > > > of > > > > > the systems on the same subnet (be they part of cloudstack > > installation > > > > or > > > > > not). Now my question is, how I can access/ping my instance VM's > from > > > any > > > > > system in the same subnet i.e 10.0.0.0/24? > > > > > > > > > > > > > > > Hope that clarifies the question > > > > > > > > > > > > > > > ------------------------------ > > > > > *From:* Muhammad Adeel Zahid <16030...@lums.edu.pk> > > > > > *Sent:* Thursday, April 6, 2017 6:05:57 PM > > > > > > > > > > *To:* users@cloudstack.apache.org > > > > > *Subject:* Re: Accessing Virtual Instances from other systems on > the > > > same > > > > > subnet > > > > > > > > > > by instances I mean what cloudstack management server calls > > instances. > > > I > > > > > have followed the sample guide to install cloudstack management and > > KVM > > > > on > > > > > two separate machines and got no error during the installation. > > > > > > > > > > ________________________________ > > > > > From: Rafael Weingärtner <rafaelweingart...@gmail.com> > > > > > Sent: Thursday, April 6, 2017 5:21:53 PM > > > > > To: users@cloudstack.apache.org > > > > > Subject: Re: Accessing Virtual Instances from other systems on the > > same > > > > > subnet > > > > > > > > > > What is your setup? > > > > > What do you mean by instances? User VMs? > > > > > I am assuming you are talking about the public IP. Did you set the > > name > > > > of > > > > > the public bridge properly (interface where the public traffic > goes)? > > > > > > > > > > On Thu, Apr 6, 2017 at 6:44 AM, Muhammad Adeel Zahid < > > > > 16030...@lums.edu.pk > > > > > > > > > > > wrote: > > > > > > > > > > > Hi Guys, > > > > > > > > > > > > > > > > > > I have setup cloudstack management and hpyervisor (KVM) on > machine > > 1 > > > > and > > > > > > machine 2 respectively. I am successfully able to ping the > > instances > > > > from > > > > > > hypervisor machine (machine 2) but I can't ping it from any of > the > > > > other > > > > > > machines on the same subnet. Why is that? How can I make it > work? > > > > > > > > > > > > > > > > > > Another observation is that I can ping secondary storage and > > primary > > > > > > storage vm's from any system on the same subnet without any extra > > > > > > configuration. Can I have similar configuration-free setup from > > > virtual > > > > > > instances? If not, what else I have to do to ping/access virtual > > > > > instances > > > > > > from other machines in the same subnet. > > > > > > > > > > > > > > > > > > Regards > > > > > > > > > > > > Adeel > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > > Rafael Weingärtner > > > > > > > > > > > > > > > > > > > > > -- > > > > Rafael Weingärtner > > > > > > > > > > > > > > > > -- > > > Rafael Weingärtner > > > > > > > > > > > -- > > Rafael Weingärtner > > > > > > -- > Rafael Weingärtner > -- Rafael Weingärtner
