that will not show the rules for the instance. try this ip netns exec <yourrouter-uuid> iptables -nxvL
On Jul 23, 2013, at 09:59 , David Kang <dk...@isi.edu> wrote: > > Thank you for your suggestion. > > We are using Quantum/Neutron not nova-network. > So, we don't use br100. > (I believe you are using nova-network.) > > And the firewall rules that cause problem reside on the Quantum node > not on the nova-compute node. > I cannot find any rule for "--dport 67" on my Quantum node. > I used "service iptables status" command to check the firewall rules. > > Thanks, > David > > > ----- Original Message ----- >> Hi, >> >> Please can you look up in the iptables? >> Normally on a working openstack host the packets comming in the filter >> table in the input chain are directed to the nova-network-INPUT which >> has a rule to accept dhcp packets. >> On my setup is something like: >> -A INPUT -j nova-network-INPUT >> >> . >> . >> . >> -A nova-network-INPUT -i br100 -p udp -m udp --dport 67 -j ACCEPT >> >> >> So I think you have to look somewhere else for your issue. >> >> >> Regards, >> Gabriel >> >> >> >> >> >> >> From: David Kang <dk...@isi.edu> >> To: "openstack@lists.launchpad.net (openstack@lists.launchpad.net)" >> <openstack@lists.launchpad.net> >> Sent: Tuesday, July 23, 2013 7:22 PM >> Subject: [Openstack] [Quantum/Neutron] VM cannot get IP address from >> DHCP server >> >> >> >> Hi, >> >> We are running OpenStack Folsom on CentOS 6.4. >> Quantum-linuxbridge-agent is used. >> By default, the Quantum node has the following entries in its >> /etc/sysconfig/iptables file. >> >> -A INPUT -j REJECT --reject-with icmp-host-prohibited >> -A FORWARD -j REJECT --reject-with icmp-host-prohibited >> >> With those two lines, VM cannot get IP address from the DHCP server >> running on the Quantum node. >> More specifically, the first line prevents a VM from getting IP >> address from DHCP server. >> The second line prevents a VM from talking to other VMs and external >> worlds. >> Is there a better way to make the Quantum network work well >> than just commenting them out? >> >> I'll appreciate your help. >> >> David >> >> -- >> ---------------------- >> Dr. Dong-In "David" Kang >> Computer Scientist >> USC/ISI >> >> _______________________________________________ >> Mailing list: https://launchpad.net/~openstack >> Post to : openstack@lists.launchpad.net >> Unsubscribe : https://launchpad.net/~openstack >> More help : https://help.launchpad.net/ListHelp > > -- > ---------------------- > Dr. Dong-In "David" Kang > Computer Scientist > USC/ISI > > _______________________________________________ > Mailing list: https://launchpad.net/~openstack > Post to : openstack@lists.launchpad.net > Unsubscribe : https://launchpad.net/~openstack > More help : https://help.launchpad.net/ListHelp > > !DSPAM:2,51eeb6bc294852088044995! > _______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
