Hmm... anyone else experienced this problem?
On Fri, Dec 6, 2013 at 1:05 PM, Matt Kassawara <mkassaw...@gmail.com> wrote: > I installed Havana with Neutron on Scientific Linux 6.4 using the official > installation guide. I added the following rules to the default security > group to enable inbound ping and secure shell access to my instances with > floating IPs: > > nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0 > nova secgroup-add-rule default tcp 22 22 0.0.0.0/0 > > Output from "nova secgroup-list-rules default" shows the rules: > > +-------------+-----------+---------+-----------+--------------+ > | IP Protocol | From Port | To Port | IP Range | Source Group | > +-------------+-----------+---------+-----------+--------------+ > | | | | | default | > | | | | | default | > | tcp | 22 | 22 | 0.0.0.0/0 | | > | icmp | -1 | -1 | 0.0.0.0/0 | | > +-------------+-----------+---------+-----------+--------------+ > > However, after launching an instance and assigning a floating IP, I cannot > ping the instance or access it via secure shell. According to iptables on > the compute node, no rules exist from the security group applied to the > instance. > > # iptables -S neutron-openvswi-i58a501c3-4 > -N neutron-openvswi-i58a501c3-4 > -A neutron-openvswi-i58a501c3-4 -m state --state INVALID -j DROP > -A neutron-openvswi-i58a501c3-4 -m state --state RELATED,ESTABLISHED -j > RETURN > -A neutron-openvswi-i58a501c3-4 -s 192.168.240.3/32 -p udp -m udp --sport > 67 --dport 68 -j RETURN > -A neutron-openvswi-i58a501c3-4 -j neutron-openvswi-sg-fallback > > Meanwhile, I'm also running a similar deployment of Havana on Ubuntu > 12.04, also built using the official installation guide. According to > iptables on the compute node, rules from the security group applied to the > instance successfully propagate to it. I can ping the instance and access > it via secure shell. > > # iptables -S neutron-openvswi-ibd9ba559-2 > -N neutron-openvswi-ibd9ba559-2 > -A neutron-openvswi-ibd9ba559-2 -m state --state INVALID -j DROP > -A neutron-openvswi-ibd9ba559-2 -m state --state RELATED,ESTABLISHED -j > RETURN > -A neutron-openvswi-ibd9ba559-2 -p icmp -j RETURN > -A neutron-openvswi-ibd9ba559-2 -p tcp -m tcp --dport 22 -j RETURN > -A neutron-openvswi-ibd9ba559-2 -s 192.168.240.3/32 -p udp -m udp --sport > 67 --dport 68 -j RETURN > -A neutron-openvswi-ibd9ba559-2 -j neutron-openvswi-sg-fallback > > I haven't found any obvious errors in the logs on the Scientific Linux > deployment. Has anyone else experienced this problem? > > Thanks, > Matt >
_______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
