← Back to team overview

openstack team mailing list archive

Security group isolation on same physical host

 

So I'm running into a problem where two different virtual machines on
the same physical host can get to each other bypassing security
groups.  As a test, I have removed all rules from the default security
group and created two other groups for testing (test1 and test2) that
only have inbound ssh access from a client network.  The hosts are on
192.168.95.0/24 and the guest's fixed addresses are on
192.168.97.0/24.  I'm not doing anything with floating ips, just
strictly fixed ips.  While testing, I'm using a single controller
running everything except nova-compute and a single compute host only
running nova-compute.

I'm using centos 6.2 with openstack from epel:
python-nova-2012.1-7.el6.noarch
openstack-nova-2012.1-7.el6.noarch


nova.conf (from the compute node):
http://paste.openstack.org/show/18381/

iptables -n -L:
http://paste.openstack.org/show/18382/

Is there some flag I'm missing in nova.conf to stop this?


Follow ups