> On 07 Sep 2015, at 09:29, Eren Türkay <er...@skyatlas.com> wrote: > > On 31-08-2015 14:56, Eren Türkay wrote: >> Hello, > > Hello agiain, > >> I installed Kilo neutron. I can create networks, namespaces are created and >> neutron-ns-metadata-proxy is running. However, VM's cannot get SSH keys. I've >> isolated the problem down the network namespace and a particular iptables >> rule. >> Here is the iptables rule, it accepts the packets marked with 0x1 and >> rejects it: >> >> -A neutron-vpn-agen-INPUT -m mark --mark 0x1 -j ACCEPT >> -A neutron-vpn-agen-INPUT -p tcp -m tcp --dport 8775 -j DROP >> >> When I remove the DROP rule, everything works. My question is how are these >> packages to 169.245.169.254 is marked with 0x1? The iptables rules inside the >> namespace can be found here: http://paste.ubuntu.com/12237691/ > > I am still stuck at this problem. Has anyone experienced it? I would be really > happy if someone can give a tip regarding to the issue. > > Regards,
See metadata_access_mark option in etc/l3_agent.ini Ihar
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ OpenStack-operators mailing list OpenStack-operators@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
