I cannot get bridge with security to work. However, a standard bridge works fine…
If I set vn_mad to fw, no traffic can get through, e.g. ping google.com. However, if it is set to bridge, it works fine.
Following your answer allows my VM to ping google. However, the security groups do not work, e.g. if I delete both rules in the default group I can still ping google from within the VM.
Furthermore, my VM cannot ping other VMs either.
I have decided to try and go through the minione setup again. Maybe there is some step missing…
Here are the exact (and only) steps I have done:
Fresh install of Ubuntu Server 20.04 with openssh installed
Modified my netplan to set a static IP to my router
Test ping:
can ping google.com
cannot ping other vm (this should now work again?) (172.16.100.3 from 172.16.100.2)
As per your suggestion
as root: iptables -t nat -A POSTROUTING -s 172.16.100.0/24 ! -d 172.16.100.0/24 -j MASQUERADE
Test ping:
can ping google.com
cannot ping other vm (172.16.100.3 from 172.16.100.2)
delete VMs
create 2x new VMs the same
Test ping:
can ping google.com
cannot ping other vm (172.16.100.3 from 172.16.100.2)
As soon as I make a change to the security group in Sunstone, it basically breaks all communication between VMs. Security groups are also still not working…
reboot
Test ping:
can ping google.com
cannot ping other vm (172.16.100.3 from 172.16.100.2)
So basically, for me, tampering with the security groups breaks the whole system.
First of all, my apologies: I read your message too fast and understood that you couldn’t ping google. You don’t need to explicitly run iptables -t nat -A POSTROUTING -s 172.16.100.0/24 ! -d 172.16.100.0/24 -j MASQUERADE (minione does it for you); that rule is there to provide Internet connection to VMs.
Note that in step 12 you set Protocol to TCP instead of all (ping is ICMP). If you set all in Protocol, you’ll see the ping echo replies again in step 13.
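The point of the reply above (a rule restricted to Protocol TCP never matches ICMP echo, so ping between VMs is dropped until the rule says all) can be checked against a small allow-list model. The code below is an added example written for this thread, not OpenNebula's or minione's own driver code. It assumes a simplified, stateless version of security group semantics: a packet is permitted only if some rule in the group agrees with its direction and protocol (ALL matches any protocol), optionally its remote CIDR, and, for TCP/UDP, its port range; a packet that matches no rule is dropped. The rules, addresses and packets are constructed for illustration.

```python
"""Toy allow-list model of a security group (added example, not the
OpenNebula driver).  Assumption: traffic is allowed only when a rule
matches direction + protocol (+ optional CIDR and port range); anything
unmatched is dropped.  Connection tracking is deliberately ignored."""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class Rule:
    direction: str                        # "INBOUND" or "OUTBOUND" (relative to the VM)
    protocol: str                         # "ALL", "TCP", "UDP" or "ICMP"
    network: Optional[str] = None         # remote CIDR the packet must fall in; None = any
    port_range: Optional[Tuple[int, int]] = None  # only consulted for TCP/UDP


@dataclass(frozen=True)
class Packet:
    direction: str
    protocol: str
    remote_ip: str                        # the other end of the flow, not the VM itself
    port: Optional[int] = None            # destination port for TCP/UDP, None otherwise


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    """True if this single rule would accept the packet."""
    if rule.direction != pkt.direction:
        return False
    # A TCP-only rule never sees ICMP: this is the ping failure in the thread.
    if rule.protocol != "ALL" and rule.protocol != pkt.protocol:
        return False
    if rule.network is not None:
        net = ipaddress.ip_network(rule.network, strict=False)
        if ipaddress.ip_address(pkt.remote_ip) not in net:
            return False
    if rule.port_range is not None and pkt.protocol in ("TCP", "UDP"):
        lo, hi = rule.port_range
        if pkt.port is None or not lo <= pkt.port <= hi:
            return False
    return True


def allowed(rules: list[Rule], pkt: Packet) -> bool:
    """Allow-list semantics: permitted only when at least one rule matches."""
    return any(rule_matches(r, pkt) for r in rules)


# Constructed sample groups.  TCP_ONLY_GROUP is the misconfiguration from the
# thread (inbound limited to TCP); ALL_GROUP is the corrected version.
TCP_ONLY_GROUP = [Rule("INBOUND", "TCP"), Rule("OUTBOUND", "ALL")]
ALL_GROUP = [Rule("INBOUND", "ALL"), Rule("OUTBOUND", "ALL")]
SSH_FROM_LAN_ONLY = [Rule("INBOUND", "TCP", "172.16.100.0/24", (22, 22))]

# Constructed sample packets as seen by VM 172.16.100.3 (assumed addresses).
PING_FROM_PEER = Packet("INBOUND", "ICMP", "172.16.100.2")
SSH_FROM_PEER = Packet("INBOUND", "TCP", "172.16.100.2", 22)
HTTP_FROM_PEER = Packet("INBOUND", "TCP", "172.16.100.2", 80)
SSH_FROM_OUTSIDE = Packet("INBOUND", "TCP", "203.0.113.9", 22)
PING_TO_PEER = Packet("OUTBOUND", "ICMP", "172.16.100.2")


def report(rules: list[Rule]) -> dict[str, bool]:
    """Evaluate every sample packet against a group; handy for eyeballing."""
    samples = {
        "ping in from peer": PING_FROM_PEER,
        "ssh in from peer": SSH_FROM_PEER,
        "http in from peer": HTTP_FROM_PEER,
        "ssh in from outside": SSH_FROM_OUTSIDE,
        "ping out to peer": PING_TO_PEER,
    }
    return {name: allowed(rules, p) for name, p in samples.items()}


if __name__ == "__main__":
    for label, group in (("TCP only", TCP_ONLY_GROUP), ("all", ALL_GROUP),
                         ("ssh from LAN", SSH_FROM_LAN_ONLY), ("empty", [])):
        print(label, report(group))
```

Running it shows the inbound ICMP echo request rejected under the TCP-only group and accepted once the inbound rule says ALL; the empty group drops everything, which is what a working driver should do when both default rules are deleted (the opposite of what the original poster observed, which points at the rules not being applied on the host at all rather than at the rule contents).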