openstack team mailing list archive

[Remo Mattei <remo@xxxxxxxxxx>]

that will not show the rules for the instance. try this
ip netns exec <yourrouter-uuid> iptables -nxvL


On Jul 23, 2013, at 09:59 , David Kang <dkang@xxxxxxx> wrote:

> 
> Thank you for your suggestion.
> 
> We are using Quantum/Neutron not nova-network.
> So, we don't use br100.
> (I believe you are using nova-network.)
> 
> And the firewall rules that cause problem reside on the Quantum node
> not on the nova-compute node.
> I cannot find any rule for "--dport 67" on my Quantum node.
> I used "service iptables status" command to check the firewall rules.
> 
> Thanks,
> David
> 
> 
> ----- Original Message -----
>> Hi,
>> 
>> Please can you look up in the iptables?
>> Normally on a working openstack host the packets comming in the filter
>> table in the input chain are directed to the nova-network-INPUT which
>> has a rule to accept dhcp packets.
>> On my setup is something like:
>> -A INPUT -j nova-network-INPUT
>> 
>> .
>> .
>> .
>> -A nova-network-INPUT -i br100 -p udp -m udp --dport 67 -j ACCEPT
>> 
>> 
>> So I think you have to look somewhere else for your issue.
>> 
>> 
>> Regards,
>> Gabriel
>> 
>> 
>> 
>> 
>> 
>> 
>> From: David Kang <dkang@xxxxxxx>
>> To: "openstack@xxxxxxxxxxxxxxxxxxx (openstack@xxxxxxxxxxxxxxxxxxx)"
>> <openstack@xxxxxxxxxxxxxxxxxxx>
>> Sent: Tuesday, July 23, 2013 7:22 PM
>> Subject: [Openstack] [Quantum/Neutron] VM cannot get IP address from
>> DHCP server
>> 
>> 
>> 
>> Hi,
>> 
>> We are running OpenStack Folsom on CentOS 6.4.
>> Quantum-linuxbridge-agent is used.
>> By default, the Quantum node has the following entries in its
>> /etc/sysconfig/iptables file.
>> 
>> -A INPUT -j REJECT --reject-with icmp-host-prohibited
>> -A FORWARD -j REJECT --reject-with icmp-host-prohibited
>> 
>> With those two lines, VM cannot get IP address from the DHCP server
>> running on the Quantum node.
>> More specifically, the first line prevents a VM from getting IP
>> address from DHCP server.
>> The second line prevents a VM from talking to other VMs and external
>> worlds.
>> Is there a better way to make the Quantum network work well
>> than just commenting them out?
>> 
>> I'll appreciate your help.
>> 
>> David
>> 
>> --
>> ----------------------
>> Dr. Dong-In "David" Kang
>> Computer Scientist
>> USC/ISI
>> 
>> _______________________________________________
>> Mailing list: https://launchpad.net/~openstack
>> Post to : openstack@xxxxxxxxxxxxxxxxxxx
>> Unsubscribe : https://launchpad.net/~openstack
>> More help : https://help.launchpad.net/ListHelp
> 
> -- 
> ----------------------
> Dr. Dong-In "David" Kang
> Computer Scientist
> USC/ISI
> 
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to     : openstack@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
> 
> !DSPAM:2,51eeb6bc294852088044995!
>