Hi, Maurice. The message you linked is about XenServer and not applicable to KVM. One of the main purposes of security groups is to prohibit exactly what you are trying to do. You may want to use a basic zone without security groups if you routinely need to bypass their functionality, or use an advanced zone to get full support for using multiple guest networks, or wait for official support for multiple IPs per NIC which seems to be coming in CloudStack 4.2 [1].
Anyway if this is a one-off case, one solution that seems to work is to delete the ebtables DROP rules on the host for IPs not assigned to the VM by CloudStack. There are inbound and outbound chains in the nat table for each VM. For example, list the rules: ebtables -t nat -L i-2-3-VM-in --Ln And delete the DROP rule for the IP: ebtables -t nat -D i-2-3-VM-in 4 Do the same for the i-2-3-VM-out chain, and redo these steps any time the VM migrates to a different host or is stopped and started. If you generally want to use security groups but don't mind if VMs use additional IPs, it should be possible to hack security_group.py on the hosts to prevent the DROP rules from being created in the first place. Best regards, Kirk [1] https://issues.apache.org/jira/browse/CLOUDSTACK-24 On 04/04/2013 01:23 PM, Maurice Lawler wrote: > Hello Kirk, > > Yes, I am; the default security group settings in the basic mode. > > > > On Apr 04, 2013, at 04:06 PM, Kirk Kosinski <[email protected]> wrote: > >> Are you using security groups in your basic zone? >> >> Kirk >> >> On 04/04/2013 10:23 AM, Maurice Lawler wrote: >> > Hello, >> > >> > >> > Thank you so very much for the replies. I am using Basic Zone right >> now and yes, I would like the ability to assign a secondary IP address >> to any instance (should the instances I a hosting request them) at >> this point one has requested a secondary IP address. >> > >> > So the previous response, would that work in basic mode, how should >> I proceed? >> > >> > - Maurice >> > >> > >> > On Apr 4, 2013, at 10:29 AM, Ahmad Emneina <[email protected] >> <mailto:[email protected]>> wrote: >> > >> >> Dropping -dev as to not cross post. Just to clear things up... >> >> Maurice: this is for guests to have multiple ip's in a vm, right? >> Would these ip's be on the same subnet or a different network. I think >> Chiradeep posted a way to technically get around this. Also for >> further clarification, what cloudstack zone type are you working with? >> >> >> >> Ahmad >> >> >> >> On Apr 3, 2013, at 9:36 PM, Maurice Lawler <[email protected] >> <mailto:[email protected]>> wrote: >> >> >> >>> Hello Cloud Stack Family, >> >>> >> >>> >> >>> I have attempted to the best of my ability to set this up. I have >> an instance (actually two) I would like to toss one additional IP >> address to two different instances. Cloud Stack 4.0.1 is proving to be >> rather difficult to accomplish this in. >> >>> >> >>> Here is my set-up: >> >>> >> >>> Single Server | CentOS 6.3 | KVM | CS 4.0.1 >> >>> >> >>> Yesterday, I was provided a helpful link: >> http://markmail.org/message/bt7pqnen26v2o63k >> >>> >> >>> However, I am not making much sense out of that. >> >>> >> >>> If ANYONE has ANY experience adding a secondary IP address -- >> please feel free to rescue me from the quick sand I am slowly sinking in! >> >>> >> >>> I would greatly appreciate any and ALL help! >> >>> >> >>> Thanks again! >> >>> >> >>> - Maurice (aka: daoenix) >> >
