You need to update the anti spoofing rules. update iptables filter rules which drop by comparing NOT vm mac and ip on <vmchain>_default chain.
Also in 'arptables' update the anti spoofing rules on vmchain_default chain. Thanks, Jayapal On 05-Apr-2013, at 9:44 AM, Kirk Kosinski <[email protected]> wrote: > Adding a third IP works fine for me after deleting the DROP rules for > non-CloudStack IPs. > > Best regards, > Kirk > > On 04/04/2013 06:46 PM, Maurice Lawler wrote: >> Actually, I disabled ebtables. That seemed to clear the issue. However, >> what is the proper way to add yet another IP address; when ebtables is >> online. >> >> - Maurice >> >> On Apr 04, 2013, at 09:39 PM, Maurice Lawler <[email protected]> wrote: >> >>> One more thing, >>> >>> Your assistance was great, let me ask you this. I wanted to test to >>> see how far I can push this. While I was able to have one primary IP >>> addressed assigned by Cloud Stack and working with the ebtables I was >>> then able to add a secondary IP address; however, adding a third IP >>> address as I did the secondary IP address however, it fails; why is this? >>> >>> >>> >>> On Apr 04, 2013, at 09:30 PM, Maurice Lawler <[email protected]> >>> wrote: >>> >>>> Kirk, >>>> >>>> THANK YOU THANK YOU THANK YOU ! >>>> >>>> That worked PERFECTLY !!!! >>>> >>>> Appreciate your help GREATLY! >>>> >>>> >>>> Now if you or ANYONE can assist, a windows instance -- attaching a >>>> secondary virtual drive on it; I was given an exe and an ISO to >>>> install drivers; but I am not 100% >>>> >>>> - Maurice >>>> >>>> On Apr 04, 2013, at 07:14 PM, Kirk Kosinski <[email protected]> >>>> wrote: >>>> >>>>> Hi, Maurice. The message you linked is about XenServer and not >>>>> applicable to KVM. One of the main purposes of security groups is to >>>>> prohibit exactly what you are trying to do. You may want to use a basic >>>>> zone without security groups if you routinely need to bypass their >>>>> functionality, or use an advanced zone to get full support for using >>>>> multiple guest networks, or wait for official support for multiple IPs >>>>> per NIC which seems to be coming in CloudStack 4.2 [1]. >>>>> >>>>> Anyway if this is a one-off case, one solution that seems to work is to >>>>> delete the ebtables DROP rules on the host for IPs not assigned to the >>>>> VM by CloudStack. There are inbound and outbound chains in the nat >>>>> table for each VM. For example, list the rules: >>>>> >>>>> ebtables -t nat -L i-2-3-VM-in --Ln >>>>> >>>>> And delete the DROP rule for the IP: >>>>> >>>>> ebtables -t nat -D i-2-3-VM-in 4 >>>>> >>>>> Do the same for the i-2-3-VM-out chain, and redo these steps any time >>>>> the VM migrates to a different host or is stopped and started. If you >>>>> generally want to use security groups but don't mind if VMs use >>>>> additional IPs, it should be possible to hack security_group.py on the >>>>> hosts to prevent the DROP rules from being created in the first place. >>>>> >>>>> Best regards, >>>>> Kirk >>>>> >>>>> [1] https://issues.apache.org/jira/browse/CLOUDSTACK-24 >>>>> >>>>> On 04/04/2013 01:23 PM, Maurice Lawler wrote: >>>>>> Hello Kirk, >>>>>> >>>>>> Yes, I am; the default security group settings in the basic mode. >>>>>> >>>>>> >>>>>> >>>>>> On Apr 04, 2013, at 04:06 PM, Kirk Kosinski >>>>> <[email protected] <mailto:[email protected]>> wrote: >>>>>> >>>>>>> Are you using security groups in your basic zone? >>>>>>> >>>>>>> Kirk >>>>>>> >>>>>>> On 04/04/2013 10:23 AM, Maurice Lawler wrote: >>>>>>>> Hello, >>>>>>>> >>>>>>>> >>>>>>>> Thank you so very much for the replies. I am using Basic Zone right >>>>>>> now and yes, I would like the ability to assign a secondary IP >>>>> address >>>>>>> to any instance (should the instances I a hosting request them) at >>>>>>> this point one has requested a secondary IP address. >>>>>>>> >>>>>>>> So the previous response, would that work in basic mode, how should >>>>>>> I proceed? >>>>>>>> >>>>>>>> - Maurice >>>>>>>> >>>>>>>> >>>>>>>> On Apr 4, 2013, at 10:29 AM, Ahmad Emneina <[email protected] >>>>> <mailto:[email protected]> >>>>>>> <mailto:[email protected] <mailto:[email protected]>>> wrote: >>>>>>>> >>>>>>>>> Dropping -dev as to not cross post. Just to clear things up... >>>>>>>>> Maurice: this is for guests to have multiple ip's in a vm, right? >>>>>>> Would these ip's be on the same subnet or a different network. I >>>>> think >>>>>>> Chiradeep posted a way to technically get around this. Also for >>>>>>> further clarification, what cloudstack zone type are you working >>>>> with? >>>>>>>>> >>>>>>>>> Ahmad >>>>>>>>> >>>>>>>>> On Apr 3, 2013, at 9:36 PM, Maurice Lawler >>>>> <[email protected] <mailto:[email protected]> >>>>>>> <mailto:[email protected] <mailto:[email protected]>>> wrote: >>>>>>>>> >>>>>>>>>> Hello Cloud Stack Family, >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> I have attempted to the best of my ability to set this up. I have >>>>>>> an instance (actually two) I would like to toss one additional IP >>>>>>> address to two different instances. Cloud Stack 4.0.1 is proving >>>>> to be >>>>>>> rather difficult to accomplish this in. >>>>>>>>>> >>>>>>>>>> Here is my set-up: >>>>>>>>>> >>>>>>>>>> Single Server | CentOS 6.3 | KVM | CS 4.0.1 >>>>>>>>>> >>>>>>>>>> Yesterday, I was provided a helpful link: >>>>>>> http://markmail.org/message/bt7pqnen26v2o63k >>>>>>>>>> >>>>>>>>>> However, I am not making much sense out of that. >>>>>>>>>> >>>>>>>>>> If ANYONE has ANY experience adding a secondary IP address -- >>>>>>> please feel free to rescue me from the quick sand I am slowly >>>>> sinking in! >>>>>>>>>> >>>>>>>>>> I would greatly appreciate any and ALL help! >>>>>>>>>> >>>>>>>>>> Thanks again! >>>>>>>>>> >>>>>>>>>> - Maurice (aka: daoenix) >>>>>>>>
