[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Egress rules not applied in 4.11.0

I investigated further, and opened an issue: https://github.com/apache/cloudstack/issues/2561



Am 11.04.18 um 12:18 schrieb Martin Emrich:
Thanks... But I think something else is now broken, too...:

The SystemVMs are now no longer being provisioned: They come up "empty" with "systemvm type=".

I also deleted the Console Proxy VM, and the new one is plain, too...

I tried with Git branch 4.11 (producing 4.11.1-SNAPSHOT RPMs), same effect...



Am 11.04.18 um 00:56 schrieb Rohit Yadav:
Hi Martin,

This is a known issue, a freshly restarted VR may not have the EGREE related tables which is why any rules will fail to apply. As a workaround, you can restart the network without selecting the cleanup option which will reconfigure the VR and add the egress table.

I've a fix in this PR: https://github.com/apache/cloudstack/pull/2508/files#diff-2d3ea57dfd9156e3983b1bb2d64abecd

- Rohit


From: Martin Emrich <martin.emrich@xxxxxxxxxxx>
Sent: Tuesday, April 10, 2018 2:13:57 PM
To: CloudStack-Users
Subject: Egress rules not applied in 4.11.0


I upgraded my test cluster from 4.9 to 4.11. The default policy for
isolated networks is "Deny".

But now, adding rules to allow egress traffic are not applied to the
virtual router. adding a rule looks fine from the UI, but does
not appear in the iptables output on the VR.

Any Ideas?



53 Chandos Place, Covent Garden, London  WC2N 4HSUK