Hi Andreas,

Yes, you're right, that blocking rule appears in my iptables:

# iptables -S |grep icmp-host-prohibited
> -A INPUT -j REJECT --reject-with icmp-host-prohibited


Then, after I deleted that rule, everything works fine. Thank you so much,
Andreas.


On Tue, Jun 28, 2016 at 2:11 PM, Andreas Scheuring <
scheu...@linux.vnet.ibm.com> wrote:

> Hi Adhi,
> yeah, this seems to be iptables blocking your traffic.
> Calling
> # iptables-save
> gives you an easy to read output of all your rules.
>
> Probably you'll find some rule like
> # -A INPUT -j REJECT --reject-with icmp-host-prohibited
>
> Now the problem with the 2 rules you added is that you are appending
> your rules with -A. Iptables-save should show that they are processed
> after the blocking rule (meaning never).
> So what you need to do is to insert your 2 rules before the blocking
> rule. You can do that using -I instead of -A.
>
> Alternatively you could just delete the blocking rule using:
> # iptables -D INPUT -j REJECT --reject-with icmp-host-prohibited
>
>
> Note:
> The commands just add/delete the rules on your running system. After a
> reboot the rule will be gone again. You need to persist them.
> How to do that depends on if you're using firewalld or iptables-service.
> I think the www will help you there.
>
> Hope that helps
>
>
>
> --
> -----
> Andreas
> IRC: andreas_s (formerly scheuran)
>
>
>
> On Di, 2016-06-28 at 13:14 +0700, Adhi Priharmanto wrote:
> > Hi all, I've set up the Liberty release with neutron-openvswitch using a gre
> > tunnel on CentOS. I have a problem when the iptables service is started on the
> > network and compute nodes.
> > An instance couldn't get its internal IP address (DHCP) when it boots. If I
> > dump the packets using tcpdump on both of the tunnel interfaces, it says
> > this:
> >
> > 13:03:08.164944 IP 10.24.0.23 > opstcomp1-srg.dev.jcamp.net: ICMP host
> > 10.24.0.23 unreachable - admin prohibited, length 106
> >
> >
> >
> > 10.24.0.0/24 is my tunnel IP network. I've already added these rules on
> > both nodes, but no luck:
> >
> >
> > iptables -A INPUT -p gre -j ACCEPT
> >
> > iptables -A FORWARD -p gre -j ACCEPT
> >
> >
> >
> > Can someone help me to solve this problem ?
> >
> >
> > --
> > Cheers,
> >
> >
> > Adhi Priharmanto
> > about.me/a_dhi
> >
> >
> >
> > +62-812-82121584
> >
> >
> >
> > _______________________________________________
> > Mailing list:
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> > Post to     : openstack@lists.openstack.org
> > Unsubscribe :
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>
>
>



-- 
Cheers,



Adhi Priharmanto
about.me/a_dhi
+62-812-82121584
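
The ordering problem discussed in this thread, as an added example that is not part of either message: a check that reads `iptables -S` output and reports whether an ACCEPT rule for a protocol sits after a catch-all REJECT/DROP, plus the `-I` position that keeps the catch-all rule in place. The function names `rule_order` and `suggest_fix` and the sample rule set are constructed for illustration; the check also covers DROP, which goes beyond the REJECT case in the thread.

```shell
# Constructed sample in `iptables -S` format (not copied from the poster's hosts):
# the gre rules were appended with -A, so they land after the catch-all REJECT.
SAMPLE_RULES='-P INPUT ACCEPT
-P FORWARD ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p gre -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -p gre -j ACCEPT'

# rule_order CHAIN PROTO: reads `iptables -S` text on stdin and prints
#   "<state> <accept_pos> <block_pos>" where state is one of
#   shadowed (accept rule after the catch-all), ok, or missing (no accept rule).
# Positions are 1-based rule numbers within CHAIN, as used by `iptables -I CHAIN <n>`;
# 0 means no such rule was found.
rule_order() {
  awk -v chain="$1" -v proto="$2" '
    $1 == "-A" && $2 == chain {
      pos++
      # Catch-all terminal rule: target follows the chain name, no match options.
      if (!block && $3 == "-j" && ($4 == "REJECT" || $4 == "DROP")) block = pos
      # First ACCEPT rule for the requested protocol.
      if (!accept)
        for (i = 3; i < NF; i++)
          if ($i == "-p" && $(i + 1) == proto && $0 ~ /-j ACCEPT/) accept = pos
    }
    END {
      if (!accept)                      state = "missing"
      else if (block && accept > block) state = "shadowed"
      else                              state = "ok"
      print state, accept + 0, block + 0
    }'
}

# suggest_fix CHAIN PROTO: prints an insert command that puts the accept rule at
# the blocking rule's position, so the catch-all REJECT stays in place after it.
suggest_fix() {
  set -- "$1" "$2" $(rule_order "$1" "$2")
  n=$5
  if [ "$n" -eq 0 ]; then n=1; fi
  case "$3" in
    ok) echo "nothing to do" ;;
    *)  echo "iptables -I $1 $n -p $2 -j ACCEPT" ;;
  esac
}
```

On a live host the input would come from `iptables -S | rule_order INPUT gre`; the suggested command is only printed, never executed.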