VMware (at the end of this mail, you can see the full setup)

-----Original Message-----
From: Rafael Weingärtner <rafaelweingart...@gmail.com>
Sent: Monday, October 8, 2018 1:20 PM
To: users <users@cloudstack.apache.org>
Subject: Re: Virtual Router not accepting SSH connections from CloudStack Management server

What hypervisor do you use?

On Mon, Oct 8, 2018 at 4:53 AM <cristian.c@istream.today> wrote:

> Hello folks,
>
> Like I said in my previous email, my virtual router is not accepting SSH
> connections from the management server, or from any other server. What I
> have found is that my default iptables rule looks incorrect to me, accepting
> connections on 3922 only for eth1:
>
>    51  2408 ACCEPT         tcp  --  eth0   *       0.0.0.0/0            158.69.17.226        tcp dpt:53
>  403K   30M ACCEPT         udp  --  eth0   *       0.0.0.0/0            158.69.17.226        udp dpt:53
> 13473 4411K ACCEPT         udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            udp dpt:67
> 9421K  982M NETWORK_STATS  all  --  *      *       0.0.0.0/0            0.0.0.0/0
>     0     0 ACCEPT         tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:3922 state NEW,ESTABLISHED
>     0     0 ACCEPT         all  --  *      *       0.0.0.0/0            224.0.0.18
>     0     0 ACCEPT         all  --  *      *       0.0.0.0/0            225.0.0.50
> 7270K  821M ACCEPT         all  --  eth0   *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
>  396K   20M ACCEPT         icmp --  *      *       0.0.0.0/0            0.0.0.0/0
>     0     0 ACCEPT         all  --  lo     *       0.0.0.0/0            0.0.0.0/0
>
> Router interfaces:
>
> root@r-2055-VM:~# ip a
> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
>     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>     inet 127.0.0.1/8 scope host lo
>        valid_lft forever preferred_lft forever
> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
>     link/ether 1e:00:85:00:00:33 brd ff:ff:ff:ff:ff:ff
>     inet 158.xx.xx.226/28 brd 158.69.17.239 scope global eth0
>        valid_lft forever preferred_lft forever
>     inet 167.xx.xx.246/28 brd 167.114.12.255 scope global eth0
>        valid_lft forever preferred_lft forever
>     inet 149.xx.xx.80/27 brd 149.56.173.95 scope global eth0
>        valid_lft forever preferred_lft forever
>     inet 192.xx.xx.79/26 brd 192.99.175.127 scope global eth0
>        valid_lft forever preferred_lft forever
>     inet 198.xx.xx.162/27 brd 198.50.180.191 scope global eth0
>        valid_lft forever preferred_lft forever
>     inet 149.xx.xx.99/27 brd 149.56.254.127 scope global eth0
>        valid_lft forever preferred_lft forever
>     inet 144.xx.xx.199/27 brd 144.217.38.223 scope global eth0
>        valid_lft forever preferred_lft forever
>     inet 144.xx.xx.177/27 brd 144.217.178.191 scope global eth0
>        valid_lft forever preferred_lft forever
>     inet 66.xx.xx.133/27 brd 66.70.150.159 scope global eth0
>        valid_lft forever preferred_lft forever
> 3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
>     link/ether 02:00:06:0b:00:dc brd ff:ff:ff:ff:ff:ff
>
> After adding the following rule: iptables -A INPUT -p tcp --dport 3922 -j ACCEPT,
> everything works until the next restart (or reloading the iptables). Is this
> a bug? Any suggestions?
>
> ===============================
> Additional info from previous mail:
>
> Current environment: CloudStack 4.11.1 (shapeblue) + VMware 5.5, local
> storage, Basic Networking. (This is an old environment: 4.5.2, 4.9, 4.11.1.)
>
> Right now I get the following error:
> deployedCheckSshCommand) (logid:236afb1a) Could not connect to 149.xxx.xx.53 due to java.net.ConnectException: Connection timed out
> My router is stuck in starting mode.
>
> After testing manually I saw that I'm not able to connect to the VR by using
> SSH (management -> virtual router). I was able to ping and telnet on 80, but
> not able to connect on 3922:
>
> [root@cloud-emea ~]# ping 149.xxx.xx.53
> PING 149.xxx.xx.53 (149.xxx.xx.53) 56(84) bytes of data.
> 64 bytes from 149.xxx.xx.53: icmp_seq=1 ttl=63 time=1.83 ms
> ^C
> --- 149.xxx.xx.53 ping statistics ---
> 1 packets transmitted, 1 received, 0% packet loss, time 932ms
> rtt min/avg/max/mdev = 1.832/1.832/1.832/0.000 ms
> [root@cloud-emea ~]# telnet 149.xxx.xx.53 80
> Trying 149.xxx.xx.53...
> Connected to 149.xxx.xx.53.
> Escape character is '^]'.
> ^]
> telnet> quit
> Connection closed.
> [root@cloud-emea ~]# telnet 149.xxx.xx.53 3922
> Trying 149.xxx.xx.53...
>
> I came up with the idea to connect to the VR using the console and add the
> following firewall rule: iptables -A INPUT -p tcp -m state --state NEW --dport 3922 -j ACCEPT.
> My problem was "fixed", but after some time I have the same issue again, for
> example in case my router is destroyed.
>
> Thank you!
> Cristian

-- 
Rafael Weingärtner
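The symptom in the thread is a 3922 ACCEPT rule bound to eth1 while eth1 is DOWN and the management server reaches the router over eth0. The script below is an added example, not code from the thread or from CloudStack: it parses the layout of `iptables -L INPUT -v -n` and `ip a` output and reports whether SSH on 3922 is accepted on an interface that is actually UP (or on any interface, shown as `*`). The two rule listings and the link lines are constructed samples in the same format as the thread's output, with placeholder addresses; on a real router you would feed in the live command output instead of the constants.

```shell
#!/bin/sh
# Added example (not from the original thread): check whether a CloudStack
# virtual router's INPUT chain accepts SSH on 3922 via an interface that is UP.

# Constructed sample: the problematic ruleset (3922 accepted only on eth1).
BAD_RULES='   51  2408 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            198.51.100.226       tcp dpt:53
    0     0 ACCEPT     tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:3922 state NEW,ESTABLISHED
7270K  821M ACCEPT     all  --  eth0   *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0'

# Constructed sample: the same ruleset after the rule from the thread was added
# (iptables -A INPUT -p tcp -m state --state NEW --dport 3922 -j ACCEPT).
GOOD_RULES="$BAD_RULES
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:3922 state NEW"

# Constructed sample: `ip a` link lines, eth0 UP and eth1 DOWN as in the thread.
LINKS='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000'

# Print the "in" interface of every ACCEPT rule for tcp dpt:3922.
# Columns of `iptables -L -v -n`: pkts bytes target prot opt in out src dst ...
ssh_rule_ifaces() {
    printf '%s\n' "$1" | awk '$3 == "ACCEPT" && $4 == "tcp" && / dpt:3922( |$)/ { print $6 }'
}

# Print the operational state (UP/DOWN/UNKNOWN) of one interface from `ip a` output.
iface_state() {
    printf '%s\n' "$2" | awk -v want="$1:" \
        '$2 == want { for (i = 1; i <= NF; i++) if ($i == "state") print $(i + 1) }'
}

# Return 0 when 3922 is accepted on an UP interface or on any interface ("*");
# otherwise print why and return 1.
check_vr_ssh_rule() {
    rules="$1"; links="$2"; ok=1
    ifaces=$(ssh_rule_ifaces "$rules")
    [ -n "$ifaces" ] || { echo "no ACCEPT rule for tcp dpt:3922 in INPUT"; return 1; }
    set -f   # keep "*" from being expanded as a filename glob
    for i in $ifaces; do
        if [ "$i" = "*" ]; then ok=0; continue; fi
        st=$(iface_state "$i" "$links")
        case "$st" in
            UP) ok=0 ;;
            *)  echo "3922 accepted only on $i, which is state ${st:-absent}" ;;
        esac
    done
    set +f
    [ "$ok" -eq 0 ] && echo "3922 is reachable on an UP interface"
    return "$ok"
}

# Stand-alone run against the constructed samples.
check_vr_ssh_rule "$BAD_RULES" "$LINKS" || echo "-> SSH from the management server will time out"
check_vr_ssh_rule "$GOOD_RULES" "$LINKS"
```

The check deliberately looks at link state rather than only at the rule text: a rule restricted to a DOWN interface is syntactically fine and still leaves the management server unable to reach port 3922, which is exactly the "Connection timed out" the thread reports.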