Thank you for your suggestion. We are using Quantum/Neutron not nova-network. So, we don't use br100. (I believe you are using nova-network.)
And the firewall rules that cause problem reside on the Quantum node not on the nova-compute node. I cannot find any rule for "--dport 67" on my Quantum node. I used "service iptables status" command to check the firewall rules. Thanks, David ----- Original Message ----- > Hi, > > Please can you look up in the iptables? > Normally on a working openstack host the packets comming in the filter > table in the input chain are directed to the nova-network-INPUT which > has a rule to accept dhcp packets. > On my setup is something like: > -A INPUT -j nova-network-INPUT > > . > . > . > -A nova-network-INPUT -i br100 -p udp -m udp --dport 67 -j ACCEPT > > > So I think you have to look somewhere else for your issue. > > > Regards, > Gabriel > > > > > > > From: David Kang <dk...@isi.edu> > To: "openstack@lists.launchpad.net (openstack@lists.launchpad.net)" > <openstack@lists.launchpad.net> > Sent: Tuesday, July 23, 2013 7:22 PM > Subject: [Openstack] [Quantum/Neutron] VM cannot get IP address from > DHCP server > > > > Hi, > > We are running OpenStack Folsom on CentOS 6.4. > Quantum-linuxbridge-agent is used. > By default, the Quantum node has the following entries in its > /etc/sysconfig/iptables file. > > -A INPUT -j REJECT --reject-with icmp-host-prohibited > -A FORWARD -j REJECT --reject-with icmp-host-prohibited > > With those two lines, VM cannot get IP address from the DHCP server > running on the Quantum node. > More specifically, the first line prevents a VM from getting IP > address from DHCP server. > The second line prevents a VM from talking to other VMs and external > worlds. > Is there a better way to make the Quantum network work well > than just commenting them out? > > I'll appreciate your help. > > David > > -- > ---------------------- > Dr. Dong-In "David" Kang > Computer Scientist > USC/ISI > > _______________________________________________ > Mailing list: https://launchpad.net/~openstack > Post to : openstack@lists.launchpad.net > Unsubscribe : https://launchpad.net/~openstack > More help : https://help.launchpad.net/ListHelp -- ---------------------- Dr. Dong-In "David" Kang Computer Scientist USC/ISI _______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
