← Back to team overview

openstack team mailing list archive

Re: [Quantum/Neutron] VM cannot get IP address from DHCP server

 

 Thank you for your suggestion.

 We are using Quantum/Neutron not nova-network.
So, we don't use br100.
(I believe you are using nova-network.)

 And the firewall rules that cause problem reside on the Quantum node
not on the nova-compute node.
I cannot find any rule for "--dport 67" on my Quantum node.
I used "service iptables status" command to check the firewall rules.

 Thanks,
 David


----- Original Message -----
> Hi,
> 
> Please can you look up in the iptables?
> Normally on a working openstack host the packets comming in the filter
> table in the input chain are directed to the nova-network-INPUT which
> has a rule to accept dhcp packets.
> On my setup is something like:
> -A INPUT -j nova-network-INPUT
> 
> .
> .
> .
> -A nova-network-INPUT -i br100 -p udp -m udp --dport 67 -j ACCEPT
> 
> 
> So I think you have to look somewhere else for your issue.
> 
> 
> Regards,
> Gabriel
> 
> 
> 
> 
> 
> 
> From: David Kang <dkang@xxxxxxx>
> To: "openstack@xxxxxxxxxxxxxxxxxxx (openstack@xxxxxxxxxxxxxxxxxxx)"
> <openstack@xxxxxxxxxxxxxxxxxxx>
> Sent: Tuesday, July 23, 2013 7:22 PM
> Subject: [Openstack] [Quantum/Neutron] VM cannot get IP address from
> DHCP server
> 
> 
> 
> Hi,
> 
> We are running OpenStack Folsom on CentOS 6.4.
> Quantum-linuxbridge-agent is used.
> By default, the Quantum node has the following entries in its
> /etc/sysconfig/iptables file.
> 
> -A INPUT -j REJECT --reject-with icmp-host-prohibited
> -A FORWARD -j REJECT --reject-with icmp-host-prohibited
> 
> With those two lines, VM cannot get IP address from the DHCP server
> running on the Quantum node.
> More specifically, the first line prevents a VM from getting IP
> address from DHCP server.
> The second line prevents a VM from talking to other VMs and external
> worlds.
> Is there a better way to make the Quantum network work well
> than just commenting them out?
> 
> I'll appreciate your help.
> 
> David
> 
> --
> ----------------------
> Dr. Dong-In "David" Kang
> Computer Scientist
> USC/ISI
> 
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~openstack
> More help : https://help.launchpad.net/ListHelp

-- 
----------------------
Dr. Dong-In "David" Kang
Computer Scientist
USC/ISI


Follow ups

References