Hi Nux,

Could you post the security group log file on your 4.3 KVM host? The file is @/var/log/cloudstack/agent/security_group.log

> -----Original Message-----
> From: Nux! [mailto:n...@li.nux.ro]
> Sent: Friday, March 14, 2014 5:06 AM
> To: dev@cloudstack.apache.org
> Subject: RE: [VOTE] Apache CloudStack 4.3.0 (eighth round)
>
> On 13.03.2014 21:24, Animesh Chaturvedi wrote:
> >> [Animesh] Did you see this with prior RC too?
> > [Animesh] Nux, security group support for advanced zone is limited and
> > that too was developed in 4.2. I don’t think any changes have been
> > made to that support since then. Can you call out what specific issue
> > are you seeing? Most likely it is pre-existing issue or not supported.
> >
> >
> > The functional spec from 4.2 is at [1] and I don’t know if all that is
> > called out is implemented or not, adding Anthony and Chiradeep to the
> > thread for further comments
> >
> > [1]
> > https://cwiki.apache.org/confluence/display/CLOUDSTACK/Isolation+based+on+Security+Groups+in+Advance+zone
>
> I could replicate this problem on a clean hypervisor. The security groups
> seem broken on KVM/CentOS.
>
> It looks like the traffic doesn't go in the right chains, all traffic is
> accepted as FORWARD is set to ACCEPT.
> There are zero packets going through BF-breth0-109.
>
> Here's outputs from:
> iptables-save: http://paste.fedoraproject.org/85337/47982321/raw/
> ebtables-save: http://paste.fedoraproject.org/85338/79831713/raw/
> ipset -L: http://paste.fedoraproject.org/85339/79832613/raw/
>
> I will install 4.2.1 as that one was working and try to compare the outputs.
>
> --
> Sent from the Delta quadrant using Borg technology!
>
> Nux!
> www.nux.ro
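
The two symptoms reported in the quoted message (FORWARD falling through to an ACCEPT policy, and no packets reaching BF-breth0-109) can be checked mechanically from a dump taken with `iptables-save -c`, which prefixes every rule with its packet counter. The script below is an added example, not part of the thread or of CloudStack; the sample dump, the interface name `breth0-109` and the rule layout are constructed assumptions.

```python
import re

CHAIN = re.compile(r"^:(\S+) (\S+) \[(\d+):\d+\]$")    # :NAME POLICY [pkts:bytes]
RULE = re.compile(r"^\[(\d+):\d+\] -A \S+ (.*)$")      # [pkts:bytes] -A CHAIN spec

def audit_chain(dump, chain):
    """Report how the filter table's FORWARD policy and `chain` are being hit."""
    table = None
    r = {"forward_policy": None, "policy_packets": 0,
         "declared": False, "jump_packets": None}
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith("*"):              # table header such as *filter
            table = line[1:]
        if table != "filter":
            continue
        m = CHAIN.match(line)
        if m:
            if m.group(1) == "FORWARD":
                r["forward_policy"], r["policy_packets"] = m.group(2), int(m.group(3))
            r["declared"] = r["declared"] or m.group(1) == chain
            continue
        m = RULE.match(line)
        if m:
            tok = m.group(2).split()
            # A rule sends packets to `chain` with -j (jump) or -g (goto).
            if any(f in ("-j", "-g") and t == chain for f, t in zip(tok, tok[1:])):
                r["jump_packets"] = (r["jump_packets"] or 0) + int(m.group(1))
    return r

def findings(r, chain):
    out = []
    if r["forward_policy"] == "ACCEPT" and r["policy_packets"] > 0:
        out.append("FORWARD policy ACCEPT handled %d packets" % r["policy_packets"])
    if not r["declared"]:
        out.append("%s is not defined" % chain)
    elif r["jump_packets"] is None:
        out.append("no rule jumps to %s" % chain)
    elif r["jump_packets"] == 0:
        out.append("rules jumping to %s matched 0 packets" % chain)
    return out

# Constructed sample in `iptables-save -c` format, not the paste from the thread.
SAMPLE = """*filter
:FORWARD ACCEPT [5321:412080]
:BF-breth0-109 - [0:0]
[0:0] -A FORWARD -o breth0-109 -m physdev --physdev-is-bridged -j BF-breth0-109
[0:0] -A BF-breth0-109 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
"""

if __name__ == "__main__":
    for f in findings(audit_chain(SAMPLE, "BF-breth0-109"), "BF-breth0-109"):
        print(f)
```

Running the same check against dumps from a 4.2.1 host and a 4.3 host gives a like-for-like comparison; a dump taken without `-c` carries no rule counters and will be reported as having no jump rule.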