Can't figure out Security Groups

Here is what I did in order:

  • Created a new network 192.168.10.0

  • Created a new network 192.168.20.0

  • Created a new network 192.168.30.0
    All of the above have VN_MAD = fw

  • Created a security group 192.168.20.0 with inbound/outbound from 192.168.10.0 on all protocols

  • Created a security group 192.168.30.0 with inbound/outbound from 192.168.10.0 on all protocols

  • Went back to the respective networks (20.0 and 30.0) and removed the default security group, then assigned their own security group as above.

  • Created 3 templates where each one has the correct interface for each network

  • Created instances of 3 VMs.

The machines in .20 and .30 can ping each other, which I did not expect since their security groups do not allow this.

Can someone tell me what I am doing wrong?
Thank you

oneadmin@vlab:~> onesecgroup list
ID USER GROUP NAME UPDATED OUTDATED ERROR
0 oneadmin oneadmin default 5 0 0
104 simon oneadmin 192.168.10.0 2 0 0
105 simon oneadmin 192.168.20.0 2 0 0

oneadmin@vlab:~> onesecgroup show 104
SECURITY GROUP 104 INFORMATION
ID : 104
NAME : 192.168.10.0
USER : simon
GROUP : oneadmin
PERMISSIONS
OWNER : um-
GROUP : ---
OTHER : ---

VIRTUAL MACHINES
UPDATED : 98,99
OUTDATED :
ERROR :

RULES
TYPE PROTOCOL ICMP_TYPE ICMVP6_TYPE NETWORK RANGE
inbound ALL VNet 2
outbound ALL VNet 2

TEMPLATE CONTENTS
DESCRIPTION=""

oneadmin@vlab:~> onesecgroup show 105
SECURITY GROUP 105 INFORMATION
ID : 105
NAME : 192.168.20.0
USER : simon
GROUP : oneadmin
PERMISSIONS
OWNER : um-
GROUP : ---
OTHER : ---

VIRTUAL MACHINES
UPDATED : 98,100
OUTDATED :
ERROR :

RULES
TYPE PROTOCOL ICMP_TYPE ICMVP6_TYPE NETWORK RANGE
inbound ALL VNet 2
outbound ALL VNet 2

TEMPLATE CONTENTS

VM 98 is the Virtual router
VM 99 is a machine on 192.168.10.0 network
VM 199 is a machine on 192.168.20.0 network

VM 99
VM NICS
ID NETWORK BRIDGE IP MAC PCI_ID
0 192.168.10.0 virbr10 192.168.10.101 02:00:c0:a8:0a:65

SECURITY

NIC_ID NETWORK SECURITY_GROUPS
0 192.168.10.0 104

SECURITY GROUP TYPE PROTOCOL NETWORK RANGE
ID NAME VNET START SIZE
104 192.168.10. inbound ALL 2 10.1.200.10 240
104 192.168.10. outbound ALL 2 10.1.200.10 240

VM 100
VM NICS
ID NETWORK BRIDGE IP MAC PCI_ID
0 192.168.20.0 virbr20 192.168.20.101 02:00:c0:a8:14:65

SECURITY

NIC_ID NETWORK SECURITY_GROUPS
0 192.168.20.0 105

SECURITY GROUP TYPE PROTOCOL NETWORK RANGE
ID NAME VNET START SIZE
105 192.168.20. inbound ALL 2 10.1.200.10 240
105 192.168.20. outbound ALL 2 10.1.200.10 240

oneadmin@vlab:~> onevnet list
ID USER GROUP NAME CLUSTERS BRIDGE LEASES
2 oneadmin oneadmin Private network - 1 0 virbr1 5
7 Simon oneadmin 192.168.10.0 0 virbr10 2
8 Simon oneadmin 192.168.20.0 0 virbr20 2

Looks like iptables is not updated correctly.
This feature is not working for me.
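
An added example, not part of the original post and not OpenNebula code: it parses the rule rows from the SECURITY sections of VM 99 and VM 100 above, expands START/SIZE into the address range each rule covers, and checks whether a flow between the two VM addresses is covered. It assumes the rules act as an allow-list (unmatched traffic is dropped) and that a flow needs an outbound match on the sender's NIC and an inbound match on the receiver's NIC; the function names are illustrative.

```python
import ipaddress
import re

# Rule rows copied from the SECURITY sections of VM 99 and VM 100 above.
SECURITY_ROWS = """\
104 192.168.10. inbound ALL 2 10.1.200.10 240
104 192.168.10. outbound ALL 2 10.1.200.10 240
105 192.168.20. inbound ALL 2 10.1.200.10 240
105 192.168.20. outbound ALL 2 10.1.200.10 240
"""

# Columns: SG id, SG name, TYPE, PROTOCOL, VNET, START, SIZE
ROW = re.compile(r"^(\d+)\s+\S+\s+(inbound|outbound)\s+(\S+)\s+(\d+)\s+(\S+)\s+(\d+)$")

def parse_rules(text):
    """Return a list of rule dicts with the START/SIZE range expanded."""
    rules = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # skip headers and blank lines
        sg, direction, proto, vnet, start, size = m.groups()
        first = ipaddress.ip_address(start)
        rules.append({"sg": int(sg), "dir": direction, "proto": proto,
                      "vnet": int(vnet), "first": first,
                      "last": first + (int(size) - 1)})
    return rules

def peer_allowed(rules, sg, direction, peer_ip):
    """True if some rule of group `sg` in `direction` covers peer_ip.
    Assumption: rules are an allow-list, unmatched traffic is dropped."""
    peer = ipaddress.ip_address(peer_ip)
    return any(r["sg"] == sg and r["dir"] == direction
               and r["first"] <= peer <= r["last"] for r in rules)

def flow_allowed(rules, src_sg, src_ip, dst_sg, dst_ip):
    """A flow needs outbound on the sender's NIC and inbound on the receiver's."""
    return (peer_allowed(rules, src_sg, "outbound", dst_ip)
            and peer_allowed(rules, dst_sg, "inbound", src_ip))

if __name__ == "__main__":
    rules = parse_rules(SECURITY_ROWS)
    for r in rules:
        print(r["sg"], r["dir"], "VNet", r["vnet"], r["first"], "-", r["last"])
    print("VM 99 -> VM 100 covered by rules:",
          flow_allowed(rules, 104, "192.168.10.101", 105, "192.168.20.101"))
```

Run against the rows above, every rule expands to the VNet 2 range starting at 10.1.200.10, which contains neither 192.168.10.101 nor 192.168.20.101.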