openstack team mailing list archive

Thread
Date

iptables rule missing in multi node setup

To: "openstack@xxxxxxxxxxxxxxxxxxx" <openstack@xxxxxxxxxxxxxxxxxxx>
From: "Qin, Xiaohong" <Xiaohong.Qin@xxxxxxx>
Date: Wed, 24 Oct 2012 18:55:02 -0400
Accept-language: en-US
Acceptlanguage: en-US
Thread-index: Ac2yOpmFSN/ryK3UT2agq+0JPw5reQ==
Thread-topic: iptables rule missing in multi node setup

Hi All,

In one of my lab setups, I found the following iptable rules are missing on the controller node,

Chain nova-compute-inst-3 (1 references)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere             state INVALID
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
nova-compute-provider  all  --  anywhere             anywhere
ACCEPT     udp  --  usxxcoberbmbp1.corp.emc.com  anywhere             udp spt:bootps dpt:bootpc
ACCEPT     all  --  10.0.0.0/24          anywhere
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh
nova-compute-sg-fallback  all  --  anywhere             anywhere

Especially this entry,

ACCEPT     all  --  10.0.0.0/24          anywhere

This is the network (10.0.0.0/24)  we used for all VMs. I'm using the latest Folsom quantum code.

Thanks.

Dennis Qin

Follow ups

Re: iptables rule missing in multi node setup
From: Brian Haley, 2012-10-25