Hi-
I have the following chains in the iptables.
root@havana:~# iptables -L -n -v
Chain INPUT (policy ACCEPT 6021 packets, 474K bytes)
pkts bytes target prot opt in out source destination
5921 465K nova-api-INPUT all -- * * 0.0.0.0/0
0.0.0.0/0
0 0 ACCEPT udp -- virbr0 * 0.0.0.0/0 0.0.0.0/0
udp dpt:53
0 0 ACCEPT tcp -- virbr0 * 0.0.0.0/0 0.0.0.0/0
tcp dpt:53
0 0 ACCEPT udp -- virbr0 * 0.0.0.0/0 0.0.0.0/0
udp dpt:67
0 0 ACCEPT tcp -- virbr0 * 0.0.0.0/0 0.0.0.0/0
tcp dpt:67
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 nova-filter-top all -- * * 0.0.0.0/0
0.0.0.0/0
0 0 nova-api-FORWARD all -- * * 0.0.0.0/0
0.0.0.0/0
0 0 ACCEPT all -- * virbr0 0.0.0.0/0
192.168.122.0/24 ctstate RELATED,ESTABLISHED
0 0 ACCEPT all -- virbr0 * 192.168.122.0/24 0.0.0.0/0
0 0 ACCEPT all -- virbr0 virbr0 0.0.0.0/0 0.0.0.0/0
0 0 REJECT all -- * virbr0 0.0.0.0/0 0.0.0.0/0
reject-with icmp-port-unreachable
0 0 REJECT all -- virbr0 * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-port-unreachable
Chain OUTPUT (policy ACCEPT 6746 packets, 462K bytes)
pkts bytes target prot opt in out source destination
6614 452K nova-filter-top all -- * * 0.0.0.0/0
0.0.0.0/0
6614 452K nova-api-OUTPUT all -- * * 0.0.0.0/0
0.0.0.0/0
Chain nova-api-FORWARD (1 references)
pkts bytes target prot opt in out source destination
Chain nova-api-INPUT (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- * * 0.0.0.0/0
10.10.10.100 tcp dpt:8775
Chain nova-api-OUTPUT (1 references)
pkts bytes target prot opt in out source destination
Chain nova-api-local (1 references)
pkts bytes target prot opt in out source destination
Chain nova-filter-top (2 references)
pkts bytes target prot opt in out source destination
6614 452K nova-api-local all -- * * 0.0.0.0/0
0.0.0.0/0
I find none with the names suggested below. Am I missing any of the
configurations required.
Kindly help me in this regard.
--
Trinath Somanchi - B39208
trinath.soman...@freescale.com | extn: 4048
From: 郭龙仓 [mailto:guolongcang.w...@gmail.com]
Sent: Wednesday, December 11, 2013 1:46 PM
To: Somanchi Trinath-B39208
Cc: openstack@lists.openstack.org
Subject: Re: [Openstack] [FWaaS] Doubts with FWaaS
FWaaS is implemented through iptables on qr-{xxx} device , one inbound chain
named like neutron-l3-agent-iv{xxx} and one outbound chain named like
neutron-l3-agent-ov{xxx} .
You can check the qr-{xxx} device's iptables rules.
2013/12/11
trinath.soman...@freescale.com<mailto:trinath.soman...@freescale.com>
<trinath.soman...@freescale.com<mailto:trinath.soman...@freescale.com>>
Hi stackers-
I have configured FWaas with Neutron.
Also, I have created a simple firewall rule, added the same to a policy and
created a firewall with this policy from CLI
The firewall is in ERROR state.
The rules and the policies were added to the DB.
How do I debug to find the error. Also, will these rules be added to the
iptables?
Help be troubleshoot and understand the same.
--
Trinath Somanchi - B39208
trinath.soman...@freescale.com<mailto:trinath.soman...@freescale.com> | extn:
4048
_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to :
openstack@lists.openstack.org<mailto:openstack@lists.openstack.org>
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
