I have configured an SSH security group for a specific network, but it's not working, as I can't SSH into the VM. I can see the following rule in iptables:
RETURN all -- anywhere anywhere match-set one-568-0-106-i-nr-inet src,dst
On the other hand, I have created another SSH security group, but applied to all networks instead of a specific one, and it worked this time. This is the rule created in iptables:
-A one-568-0-i -m state --state RELATED,ESTABLISHED -j RETURN
-A one-568-0-i -m set --match-set one-568-0-106-i-nr-inet src,dst -j RETURN
-A one-568-0-i -j DROP
-A one-568-0-o -m state --state RELATED,ESTABLISHED -j RETURN
-A one-568-0-o -j DROP
-A opennebula -m physdev --physdev-in one-568-0 --physdev-is-bridged -j one-568-0-o
-A opennebula -m physdev --physdev-out one-568-0 --physdev-is-bridged -j one-568-0-i
-A opennebula -j ACCEPT
Do you know why the network specific security group is not working?
I'd say that for some reason the traffic is not matching the iptables rule
RETURN all -- anywhere anywhere match-set one-568-0-106-i-nr-inet src,dst
How is the rule built? What does the one-568-0-106-i-nr-inet src,dst parameter mean?
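As an added example (not from the thread or from OpenNebula's own code), here is a small sh script that emulates what `-m set --match-set one-568-0-106-i-nr-inet src,dst` does when the packet walks the one-568-0-i chain shown above. It assumes the set is an ipset of type hash:net,port; the set name and chain come from the thread, the entries are constructed.

```shell
#!/bin/sh
# Constructed stand-in for the real `ipset list one-568-0-106-i-nr-inet`
# output, assumed to be a hash:net,port set: one "net,proto:port" per line.
SET_ENTRIES='10.0.0.0/24,tcp:22
192.168.10.0/24,tcp:22'

# Dotted-quad IPv4 -> integer.
ip_to_int() {
    set -- $(printf '%s' "$1" | tr '.' ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Return 0 if address $1 lies inside CIDR $2.
in_cidr() {
    cidr_net=${2%/*}; cidr_bits=${2#*/}
    cidr_mask=$(( (0xFFFFFFFF << (32 - cidr_bits)) & 0xFFFFFFFF ))
    [ $(( $(ip_to_int "$1") & cidr_mask )) -eq \
      $(( $(ip_to_int "$cidr_net") & cidr_mask )) ]
}

# `--match-set SET src,dst` on a hash:net,port set means: compare the packet's
# SOURCE address with the net half of each entry and its DESTINATION port with
# the port half. Both must hit for the rule to match.  $1=src ip $2=proto $3=dport
match_set_src_dst() {
    printf '%s\n' "$SET_ENTRIES" | {
        while IFS=, read -r net portspec; do
            [ "$portspec" = "$2:$3" ] || continue
            in_cidr "$1" "$net" && exit 0
        done
        exit 1
    }
}

# Verdict of chain one-568-0-i for a NEW connection: the RELATED,ESTABLISHED
# rule does not apply, so it is the set match (RETURN) or the final DROP.
# On the hypervisor, compare with: iptables -S one-568-0-i  and
# iptables -L one-568-0-i -v -n (per-rule counters show which rule is hit).
inbound_verdict() {
    if match_set_src_dst "$1" "$2" "$3"; then echo RETURN; else echo DROP; fi
}

inbound_verdict 10.0.0.5 tcp 22      # source in set, port 22 -> RETURN
inbound_verdict 172.16.0.9 tcp 22    # source not in any entry -> DROP
```

If a client's address is not in the set's networks, or its destination port is not the one stored with that network, the packet falls through to the DROP rule, which is what the symptom in the thread looks like.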
Can you provide more details on what you mean by "to apply to all networks instead of a specific one"? Also, it would be useful if you could share your network config (i.e. onevnet show -x <vnet_id>) and the same for the SGs.
When you define a security group, in the target network dropdown you can specify whether the rule you're configuring applies to all networks, a manual network or an OpenNebula virtual network. When I select OpenNebula virtual network, if you want to apply the security group to a certain VM, you go to VM → Network → NIC