The below rules block the traffic from the secondary ips.
> -A i-2-9-VM-in -p ARP --arp-ip-src ! 66.232.104.216 -j DROP
> -A i-2-9-VM-out -p ARP --arp-ip-dst ! IPADDRESS.OF.INSTANCE -j DROP
you can either delete above rules or flush the chains.
Thanks,
Jayapal
On 27-Apr-2013, at 5:05 AM, Mauric
<<< text/html; CHARSET=US-ASCII: Unrecognized >>>
<<< text/html; CHARSET=US-ASCII: Unrecognized >>>
Maurice,
You need to change the below rule in eatables to work for secondary ips.
ebtables -t nat -A + vmchain_in + -p ARP --arp-ip-src ! + vm_ip + -j DROP
ebtables -t nat -A + vmchain_out + -p ARP --arp-ip-dst ! + vm_ip + -j DROP
updated to:
ebtables -t nat -A + vmchain_in + " -p
I don't remember exactly, but if you look at what IS allowed in the
ebtables output, this will show you example rules.
On Fri, Apr 19, 2013 at 2:20 PM, Maurice Lawler wrote:
> Great -- My ebtables rules are back in place. Now, how can I go about
> dropping the rule to allow a secondary IP traffi
<<< text/html; CHARSET=US-ASCII: Unrecognized >>>
you can go back and disable security groups in the zone if you don't care
about the ebtables rules, or you can start up ebtables and then restart any
associated VMs through cloudstack. The rules are dynamic, so they're not
going to be saved anywhere on the host to be reinstated, they have to be
rea
Anyone know how to correct my mistake?
- Maurice
On Apr 19, 2013, at 2:01 AM, Maurice Lawler wrote:
> Perhaps this was not the best thing, now my ports are open; how can I revert
> back to eatables.
>
> Along with that, when reverted, how can I drop rules for a particular VM to
> allow com
Perhaps this was not the best thing, now my ports are open; how can I revert
back to eatables.
Along with that, when reverted, how can I drop rules for a particular VM to
allow communication via second IP address.
On Apr 18, 2013, at 10:34 PM, Maurice Lawler wrote:
> Disregard, for now, I
