Hi,

Port 3922 is the custom SSH port for SSH connections from the hypervisor to the
system VM (VR in your case).
This port should be created on the "Control" NIC, as visible in the NICs
tab on the VR (infrastructure-->Virtual Routers).

Can you share your setup:
- ACS version
- Basic zone or Advanced (if Advanced, what kind of network - shared?)

What is your setup of TRAFFIC TYPES on PHYSICAL networks (do you have i.e.
just a single "Physical Network" in the ZONE and all traffic types are
there (mgmt, public, guest, storage)?), and do you have a separate Storage
network/traffic type set up?

i.e. execute
SELECT * FROM physical_network_isolation_methods;
SELECT * FROM physical_network;
SELECT * FROM physical_network_traffic_types;
but **PLEASE** - make sure the output is aligned (values vs. columns) -
otherwise I really can't read it :( (or do \G instead of ; in SQL)

Inside CPVM and SSVM - is the 3922 port open on the correct NIC/ethXXX?

Best,
Andrija


On Thu, 10 Oct 2019 at 20:08, <cristian.c@istream.today> wrote:

> Hello,
>
>      I have a very old problem, happening on each ACS version, in multiple
> basic environments: why are the iptables rules deployed wrong, why with eth1
> when there is no IP on eth1?  Each time I must create the rule manually:
>
>       This is what I see in iptables, normally I should see eth0
>
> -A INPUT -i eth1 -p tcp -m tcp --dport 3922 -m state --state NEW,ESTABLISHED -j ACCEPT
>
> root@r-2705-VM:/etc/iptables# ip a
> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
>     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>     inet 127.0.0.1/8 scope host lo
>        valid_lft forever preferred_lft forever
> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
>     link/ether 1e:00:52:00:00:33 brd ff:ff:ff:ff:ff:ff
>     inet 158.69.xx.xxx/28 brd 158.69.xx.xxx scope global eth0
>        valid_lft forever preferred_lft forever
>     inet 167.114.xx.xxx/28 brd 167.114.xx.xxx scope global eth0
>        valid_lft forever preferred_lft forever
>     inet 149.56.xx.xxx/27 brd 149.56.xxx.xxx scope global eth0
>        valid_lft forever preferred_lft forever
>     inet 192.99.xxx.xxx/26 brd 192.99.xxx.xxx scope global eth0
>        valid_lft forever preferred_lft forever
>     inet 198.50.xxx.xxx/27 brd 198.50.xxx.xxx scope global eth0
>        valid_lft forever preferred_lft forever
>     inet 149.56.xxx.xxx/27 brd 149.56.xxx.xxx scope global eth0
>        valid_lft forever preferred_lft forever
>     inet 144.217.xxx.xxx/27 brd 144.217.xxx.xxx scope global eth0
>        valid_lft forever preferred_lft forever
> 3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
>     link/ether 02:00:57:15:02:01 brd ff:ff:ff:ff:ff:ff
> root@r-2705-VM:/etc/iptables#
>
> Regards,
>
> Cristian
>

-- 

Andrija Panić
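
Added example (not part of the original thread, and not CloudStack code): a shell check for the condition discussed above, an iptables INPUT rule for port 3922 bound to an interface that is DOWN or has no IPv4 address. The sample `ip a` output and rules are constructed from the thread with documentation addresses; the helper name `find_misbound_rules` and the temporary file names are assumptions.

```sh
#!/bin/sh
# Added example. Usage: find_misbound_rules PORT RULES_FILE IP_A_FILE
# Lists INPUT rules for PORT whose -i interface is missing, DOWN or has no
# IPv4 address. find_misbound_rules is a hypothetical helper name.
find_misbound_rules() {
    awk -v port="$1" '
        FNR == NR {                       # first file: saved "ip a" output
            if ($0 ~ /^[0-9]+: /) {       # interface header line
                iface = $2; sub(/:$/, "", iface); sub(/@.*/, "", iface)
                up[iface] = ($3 ~ /[<,]UP[,>]/) ? 1 : 0
                has_ip[iface] = 0
            } else if ($1 == "inet") {
                has_ip[iface] = 1
            }
            next
        }
        $1 == "-A" && $2 == "INPUT" {     # second file: iptables-save rules
            in_if = ""; dport = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-i") in_if = $(i + 1)
                if ($i == "--dport") dport = $(i + 1)
            }
            if (dport != port || in_if == "") next
            if (!(in_if in up)) print in_if ": interface not present"
            else if (!up[in_if]) print in_if ": interface is DOWN"
            else if (!has_ip[in_if]) print in_if ": no IPv4 address"
        }
    ' "$3" "$2"
}

# Constructed sample input modelled on the thread (documentation addresses).
tmp=$(mktemp -d)
cat > "$tmp/ip_a.txt" <<'EOF'
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    inet 192.0.2.10/28 brd 192.0.2.15 scope global eth0
3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 02:00:57:15:02:01 brd ff:ff:ff:ff:ff:ff
EOF
cat > "$tmp/rules.txt" <<'EOF'
-A INPUT -i eth1 -p tcp -m tcp --dport 3922 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 3922 -m state --state NEW,ESTABLISHED -j ACCEPT
EOF
find_misbound_rules 3922 "$tmp/rules.txt" "$tmp/ip_a.txt"
```

On a live system VM, the two input files would be the saved output of `iptables-save` and `ip a`.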
