Re: Unable to communicate to instances on new host - iptables?


Is your guest network the bond0.200?




________________________________
From: Jevgeni Zolotarjov <j.zolotarjov@xxxxxxxxx>
Sent: Wednesday, September 19, 2018 9:34 AM
To: users@xxxxxxxxxxxxxxxxxxxxx
Subject: Re: Unable to communicate to instances on new host - iptables?

sure

iptables:
*mangle
:PREROUTING ACCEPT [4215:32894293]
:INPUT ACCEPT [3585:32849592]
:FORWARD ACCEPT [756:57998]
:OUTPUT ACCEPT [3739:715406]
:POSTROUTING ACCEPT [4495:773404]
COMMIT

*nat
:PREROUTING ACCEPT [22:3593]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [3:4508]
:POSTROUTING ACCEPT [25:8101]
COMMIT

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [28:1788]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 49152:49216 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5900:6100 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 16509 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1798 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i lo -m comment --comment "Allow all loopback traffic" -j ACCEPT
-A INPUT -d 127.0.0.0/8 ! -i lo -m comment --comment "Drop all traffic to 127 that doesn\'t use lo" -j REJECT --reject-with icmp-port-unreachable
-A INPUT -m comment --comment "Accept all incoming" -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -m comment --comment "Allow all incoming on established connections" -j ACCEPT
-A OUTPUT -m comment --comment "Accept all outgoing" -j ACCEPT
COMMIT


On Wed, Sep 19, 2018 at 5:31 PM Simon Weller <sweller@xxxxxxx.invalid>
wrote:

> Can you provide your iptables rules on your hosts?
>
>
>
> ________________________________
> From: Jevgeni Zolotarjov <j.zolotarjov@xxxxxxxxx>
> Sent: Wednesday, September 19, 2018 9:29 AM
> To: users@xxxxxxxxxxxxxxxxxxxxx
> Subject: Re: Unable to communicate to instances on new host - iptables?
>
> sorry. corrected network config
>
> ifcfg-bond0:
> TYPE=Bond
> BONDING_MASTER=yes
> BONDING_OPTS="mode=802.3ad miimon=100 updelay=0 downdelay=0"
> DEVICE=bond0
> ONBOOT=yes
> BOOTPROTO=none
> USERCTL=no
> HOTPLUG=no
> BRIDGE=cloudbr0
> NM_CONTROLLED=no
>
> ifcfg-bond0.200:
> DEVICE=bond0.200
> ONBOOT=yes
> HOTPLUG=no
> BOOTPROTO=none
> VLAN=yes
> BRIDGE=cloudbr1
>
>
> ifcfg-cloudbr0:
> DEVICE=cloudbr0
> TYPE=Bridge
> ONBOOT=yes
> BOOTPROTO=none
> IPV6INIT=no
> IPV6_AUTOCONF=no
> DELAY=5
> STP=yes
> IPADDR=192.168.1.5
> GATEWAY=192.168.1.1
> NETMASK=255.255.254.0
>
> ifcfg-cloudbr1:
> DEVICE=cloudbr1
> TYPE=Bridge
> ONBOOT=yes
> BOOTPROTO=none
> IPV6INIT=no
> IPV6_AUTOCONF=no
> DELAY=5
> STP=yes
>
> On Wed, Sep 19, 2018 at 5:27 PM Jevgeni Zolotarjov <j.zolotarjov@xxxxxxxxx>
> wrote:
>
> > Hi Simon,
> >
> > I am not using advanced network.
> >
> > Here is my network configuration
> > ifcfg-bond0:
> > TYPE=Bond
> > BONDING_MASTER=yes
> > BONDING_OPTS="mode=802.3ad miimon=100 updelay=0 downdelay=0"
> > DEVICE=bond0
> > ONBOOT=yes
> > BOOTPROTO=none
> > USERCTL=no
> > HOTPLUG=no
> > BRIDGE=cloudbr0
> > NM_CONTROLLED=no
> >
> > ifcfg-bond0.200:
> > DEVICE=bond0.200
> > ONBOOT=yes
> > HOTPLUG=no
> > BOOTPROTO=none
> > VLAN=yes
> > BRIDGE=cloudbr1
> >
> > ifcfg-cloudbr0:
> >
> > DEVICE=bond0.200
> > ONBOOT=yes
> > HOTPLUG=no
> > BOOTPROTO=none
> > #TYPE=Ethernet
> > VLAN=yes
> > BRIDGE=cloudbr1
> >
> > ifcfg-cloudbr0:
> > DEVICE=cloudbr0
> > TYPE=Bridge
> > ONBOOT=yes
> > BOOTPROTO=none
> > IPV6INIT=no
> > IPV6_AUTOCONF=no
> > DELAY=5
> > STP=yes
> > IPADDR=192.168.1.5
> > GATEWAY=192.168.1.1
> > NETMASK=255.255.254.0
> >
> > ifcfg-cloudbr1:
> > DEVICE=cloudbr1
> > TYPE=Bridge
> > ONBOOT=yes
> > BOOTPROTO=none
> > IPV6INIT=no
> > IPV6_AUTOCONF=no
> > DELAY=5
> > STP=yes
> >
> >
> >
> > On Wed, Sep 19, 2018 at 3:10 PM Simon Weller <sweller@xxxxxxx.invalid>
> > wrote:
> >
> >> Jevgeni,
> >>
> >>
> >> What type of networking are you using on your hosts? If advanced, what
> >> type of isolation?
> >>
> >>
> >> - Si
> >>
> >> ________________________________
> >> From: Jevgeni Zolotarjov <j.zolotarjov@xxxxxxxxx>
> >> Sent: Wednesday, September 19, 2018 3:17 AM
> >> To: users@xxxxxxxxxxxxxxxxxxxxx
> >> Subject: Unable to communicate to instances on new host - iptables?
> >>
> >> Hello!
> >>
> >> We are running CS 4.11.1 on CentOS7 (latest)
> >>
> >> Previously the installation had just 1 KVM host.
> >> Now we added another identical host.
> >> After some configuration hassle with libvirtd, new host is up and running.
> >>
> >> I followed strictly the host installation guide for 4.11.
> >> But instances running on new host are not accessible via tcp/ip. Nor can
> >> they access the network.
> >>
> >> I found out that stopping iptables on new host resolves the problem. But
> >> this is not the solution, I guess.
> >>
> >> Please help.
> >>
> >
>