openstack team mailing list archive
-
openstack team
-
Mailing list archive
-
Message #12935
Re: Security group isolation on same physical host
Hi,
If they're in the same subnet, they won't go through a firewall to reach
each other. I'd imagine this is expected.
Cheers,
On Thu, 2012-06-07 at 10:00 -0400, Mitchell Broome wrote:
> So I'm running into a problem where two different virtual machines on
> the same physical host can get to each other bypassing security
> groups. As a test, I have removed all rules from the default security
> group and created two other groups for testing (test1 and test2) that
> only have inbound ssh access from a client network. The hosts are on
> 192.168.95.0/24 and the guest's fixed addresses are on
> 192.168.97.0/24. I'm not doing anything with floating ips, just
> strictly fixed ips. While testing, I'm using a single controller
> running everything except nova-compute and a single compute host only
> running nova-compute.
>
> I'm using centos 6.2 with openstack from epel:
> python-nova-2012.1-7.el6.noarch
> openstack-nova-2012.1-7.el6.noarch
>
>
> nova.conf (from the compute node):
> http://paste.openstack.org/show/18381/
>
> iptables -n -L:
> http://paste.openstack.org/show/18382/
>
> Is there some flag I'm missing in nova.conf to stop this?
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~openstack
> More help : https://help.launchpad.net/ListHelp
--
Stephen Gran
Senior Systems Integrator - The Guardian
Please consider the environment before printing this email.
------------------------------------------------------------------
Visit guardian.co.uk - newspaper of the year
www.guardian.co.uk www.observer.co.uk www.guardiannews.com
On your mobile, visit m.guardian.co.uk or download the Guardian
iPhone app www.guardian.co.uk/iphone
To save up to 30% when you subscribe to the Guardian and the Observer
visit www.guardian.co.uk/subscriber
---------------------------------------------------------------------
This e-mail and all attachments are confidential and may also
be privileged. If you are not the named recipient, please notify
the sender and delete the e-mail and all attachments immediately.
Do not disclose the contents to another person. You may not use
the information for any purpose, or store, or copy, it in any way.
Guardian News & Media Limited is not liable for any computer
viruses or other material transmitted with or as part of this
e-mail. You should employ virus checking software.
Guardian News & Media Limited
A member of Guardian Media Group plc
Registered Office
PO Box 68164
Kings Place
90 York Way
London
N1P 2AP
Registered in England Number 908396
Follow ups
References