sure

iptables:
*mangle
:PREROUTING ACCEPT [4215:32894293]
:INPUT ACCEPT [3585:32849592]
:FORWARD ACCEPT [756:57998]
:OUTPUT ACCEPT [3739:715406]
:POSTROUTING ACCEPT [4495:773404]
COMMIT
*nat
:PREROUTING ACCEPT [22:3593]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [3:4508]
:POSTROUTING ACCEPT [25:8101]
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [28:1788]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 49152:49216 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5900:6100 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 16509 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1798 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i lo -m comment --comment "Allow all loopback traffic" -j ACCEPT
-A INPUT -d 127.0.0.0/8 ! -i lo -m comment --comment "Drop all traffic to 127 that doesn\'t use lo" -j REJECT --reject-with icmp-port-unreachable
-A INPUT -m comment --comment "Accept all incoming" -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -m comment --comment "Allow all incoming on established connections" -j ACCEPT
-A OUTPUT -m comment --comment "Accept all outgoing" -j ACCEPT
COMMIT

On Wed, Sep 19, 2018 at 5:31 PM Simon Weller <[email protected]> wrote:

> Can you provide your iptables rules on your hosts?
>
>
>
> ________________________________
> From: Jevgeni Zolotarjov <[email protected]>
> Sent: Wednesday, September 19, 2018 9:29 AM
> To: [email protected]
> Subject: Re: Unable to communicate to instances on new host - iptables?
>
> sorry. corrected network config
>
> ifcfg-bond0:
> TYPE=Bond
> BONDING_MASTER=yes
> BONDING_OPTS="mode=802.3ad miimon=100 updelay=0 downdelay=0"
> DEVICE=bond0
> ONBOOT=yes
> BOOTPROTO=none
> USERCTL=no
> HOTPLUG=no
> BRIDGE=cloudbr0
> NM_CONTROLLED=no
>
> ifcfg-bond0.200:
> DEVICE=bond0.200
> ONBOOT=yes
> HOTPLUG=no
> BOOTPROTO=none
> VLAN=yes
> BRIDGE=cloudbr1
>
>
> ifcfg-cloudbr0:
> DEVICE=cloudbr0
> TYPE=Bridge
> ONBOOT=yes
> BOOTPROTO=none
> IPV6INIT=no
> IPV6_AUTOCONF=no
> DELAY=5
> STP=yes
> IPADDR=192.168.1.5
> GATEWAY=192.168.1.1
> NETMASK=255.255.254.0
>
> ifcfg-cloudbr1:
> DEVICE=cloudbr1
> TYPE=Bridge
> ONBOOT=yes
> BOOTPROTO=none
> IPV6INIT=no
> IPV6_AUTOCONF=no
> DELAY=5
> STP=yes
>
> On Wed, Sep 19, 2018 at 5:27 PM Jevgeni Zolotarjov <[email protected]> wrote:
>
> > Hi Simon,
> >
> > I am not using advanced network.
> >
> > Here is my network configuration
> > ifcfg-bond0:
> > TYPE=Bond
> > BONDING_MASTER=yes
> > BONDING_OPTS="mode=802.3ad miimon=100 updelay=0 downdelay=0"
> > DEVICE=bond0
> > ONBOOT=yes
> > BOOTPROTO=none
> > USERCTL=no
> > HOTPLUG=no
> > BRIDGE=cloudbr0
> > NM_CONTROLLED=no
> >
> > ifcfg-bond0.200:
> > DEVICE=bond0.200
> > ONBOOT=yes
> > HOTPLUG=no
> > BOOTPROTO=none
> > VLAN=yes
> > BRIDGE=cloudbr1
> >
> > ifcfg-cloudbr0:
> >
> > DEVICE=bond0.200
> > ONBOOT=yes
> > HOTPLUG=no
> > BOOTPROTO=none
> > #TYPE=Ethernet
> > VLAN=yes
> > BRIDGE=cloudbr1
> >
> > ifcfg-cloudbr0:
> > DEVICE=cloudbr0
> > TYPE=Bridge
> > ONBOOT=yes
> > BOOTPROTO=none
> > IPV6INIT=no
> > IPV6_AUTOCONF=no
> > DELAY=5
> > STP=yes
> > IPADDR=192.168.1.5
> > GATEWAY=192.168.1.1
> > NETMASK=255.255.254.0
> >
> > ifcfg-cloudbr1:
> > DEVICE=cloudbr1
> > TYPE=Bridge
> > ONBOOT=yes
> > BOOTPROTO=none
> > IPV6INIT=no
> > IPV6_AUTOCONF=no
> > DELAY=5
> > STP=yes
> >
> >
> >
> > On Wed, Sep 19, 2018 at 3:10 PM Simon Weller <[email protected]> wrote:
> >
> >> Jevgeni,
> >>
> >>
> >> What type of networking are you using on your hosts? If advanced, what
> >> type of isolation?
> >>
> >>
> >> - Si
> >>
> >> ________________________________
> >> From: Jevgeni Zolotarjov <[email protected]>
> >> Sent: Wednesday, September 19, 2018 3:17 AM
> >> To: [email protected]
> >> Subject: Unable to communicate to instances on new host - iptables?
> >>
> >> Hello!
> >>
> >> We are running CS 4.11.1 on CentOS7 (latest)
> >>
> >> Previously the installation had just 1 KVM host.
> >> Now we added another identical host.
> >> After some configuration hassle with libvirtd, new host is up and running.
> >>
> >> I followed strictly the host installation guide for 4.11.
> >> But instances running on new host are not accessible via tcp/ip. Neither
> >> they can access network.
> >>
> >> I found out that stopping iptables on new host resolves the problem. But
> >> this is not the solution, I guess.
> >>
> >> Please help.
> >>
> >
>
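
An added example, not part of the thread: a small Python parser for the iptables-save format posted at the top of this message. It reports, per chain, which rules can never be reached because an earlier match-free ACCEPT, DROP or REJECT in the same chain already ends evaluation. The function names are hypothetical and the sample is an abridged copy of the posted filter table.

```python
import shlex
# Abridged copy of the *filter table posted in the message above.
SAMPLE = '''\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [28:1788]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -m comment --comment "Accept all incoming" -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -m comment --comment "Allow all incoming on established connections" -j ACCEPT
-A OUTPUT -m comment --comment "Accept all outgoing" -j ACCEPT
COMMIT
'''

def parse_save(text):
    """Return {table: {chain: {"policy": str, "rules": [token lists]}}}."""
    tables, table = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("*"):
            table = tables.setdefault(line[1:], {})
        elif line.startswith(":"):  # chain declaration: ":NAME POLICY [pkts:bytes]"
            table[line[1:].split()[0]] = {"policy": line.split()[1], "rules": []}
        elif line.startswith("-A "):
            toks = shlex.split(line)  # quoted --comment text stays one token
            table[toks[1]]["rules"].append(toks[2:])
    return tables

def split_rule(rule):
    """Return (match tokens with comment matches removed, target or None)."""
    j = rule.index("-j") if "-j" in rule else len(rule)
    kept, i = [], 0
    while i < j:
        skip = rule[i:i + 2] == ["-m", "comment"] or rule[i] == "--comment"
        kept += [] if skip else [rule[i]]
        i += 2 if skip else 1  # a comment never restricts matching
    return kept, (rule[j + 1] if j < len(rule) else None)

def shadowed_rules(chain):
    """(rule_no, blocker_no) for rules after an unconditional terminal rule."""
    out, blocker = [], None
    for n, rule in enumerate(chain["rules"], 1):
        matches, target = split_rule(rule)
        if blocker:
            out.append((n, blocker))
        elif not matches and target in ("ACCEPT", "DROP", "REJECT"):
            blocker = n
    return out

if __name__ == "__main__":
    print({c: shadowed_rules(ch) for c, ch in parse_save(SAMPLE)["filter"].items()})
```

Run against the full dump instead of the abridged sample by passing the saved output of `iptables-save` to `parse_save`.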
