Looks like I tracked down the problem. I needed to enable netfilter on the bridge.
On Thu, Jun 7, 2012 at 10:00 AM, Mitchell Broome <mitchell.bro...@gmail.com> wrote:
> So I'm running into a problem where two different virtual machines on
> the same physical host can get to each other bypassing security
> groups. As a test, I have removed all rules from the default security
> group and created two other groups for testing (test1 and test2) that
> only have inbound ssh access from a client network. The hosts are on
> 192.168.95.0/24 and the guests' fixed addresses are on
> 192.168.97.0/24. I'm not doing anything with floating IPs, just
> strictly fixed IPs. While testing, I'm using a single controller
> running everything except nova-compute and a single compute host only
> running nova-compute.
>
> I'm using CentOS 6.2 with OpenStack from EPEL:
> python-nova-2012.1-7.el6.noarch
> openstack-nova-2012.1-7.el6.noarch
>
> nova.conf (from the compute node):
> http://paste.openstack.org/show/18381/
>
> iptables -n -L:
> http://paste.openstack.org/show/18382/
>
> Is there some flag I'm missing in nova.conf to stop this?
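
The fix reported at the top of this thread, as an added example that is not part of the original messages: a check for the compute host that reports whether bridged guest-to-guest frames are handed to iptables, where the security-group rules live. It assumes "netfilter on the bridge" refers to the Linux `net.bridge.bridge-nf-call-*` sysctls, which the thread does not name; the function name `check_bridge_nf` is hypothetical.

```shell
#!/bin/sh
# Added example: audit whether frames crossing a Linux bridge are passed to
# netfilter. Assumption: the fix in the thread corresponds to the
# net.bridge.bridge-nf-call-* sysctls (the thread does not name the setting).

# check_bridge_nf [DIR]
#   DIR defaults to the live sysctl tree; a test can pass a constructed one.
#   Prints one line per setting.
#   Returns 0 if bridge-nf-call-iptables is 1,
#           1 if it is disabled or absent (IPv4 rules are bypassed),
#           2 if DIR does not exist (bridge netfilter support not loaded).
check_bridge_nf() {
    dir="${1:-/proc/sys/net/bridge}"
    result=0
    if [ ! -d "$dir" ]; then
        echo "MISSING $dir (bridge netfilter support not loaded)"
        return 2
    fi
    for name in bridge-nf-call-iptables bridge-nf-call-ip6tables \
                bridge-nf-call-arptables; do
        file="$dir/$name"
        if [ -r "$file" ]; then
            val=$(cat "$file")
        else
            val="absent"
        fi
        if [ "$val" = "1" ]; then
            echo "OK      $name = 1 (bridged traffic traverses the chains)"
        else
            echo "BYPASS  $name = $val (bridged traffic skips the chains)"
            # Only the IPv4 setting decides the exit status: the security
            # groups in the thread are IPv4 rules. The others are reported.
            if [ "$name" = "bridge-nf-call-iptables" ]; then
                result=1
            fi
        fi
    done
    return $result
}

# On the compute host:
#   check_bridge_nf || echo "same-host VM traffic is not filtered by iptables"
```

A value of 0 for `bridge-nf-call-iptables` matches the symptom in the question: two guests on the same bridge reach each other although no security-group rule allows it.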