[Openstack-operators] How Do I allow IP protocols other than TCP, UDP, or ICMP (such as GRE)through my security group?

Aaron Rosen arosen at nicira.com
Tue Aug 20 18:03:07 UTC 2013


You'll need to install or build a package that has this patch included.
Alternative, you could edit the code on the quantum-server and make these
changes to these two files:

https://review.openstack.org/#/c/32050/1/quantum/extensions/securitygroup.py
https://review.openstack.org/#/c/32050/1/quantum/plugins/nicira/common/securitygroups.py

then restart quantum-server

Aaron


On Tue, Aug 20, 2013 at 10:36 AM, Steven Barnabas
<sbarnabas at frontporch.com>wrote:

>  Thank you for this.    So should I just do a apt-get upgrade, apt-get
> update?
>
>
>
>  Steven Barnabas
> Network Engineer
> Front Porch, Inc.
> 209-288-5580
> 209-652-7733 mobile
> www.frontporch.com
>
>
>
>  On Aug 15, 2013, at 1:16 PM, Aaron Rosen <arosen at nicira.com> wrote:
>
>  Hi,
>
>  The following patch added support for this in early H1
> https://review.openstack.org/#/c/32050/ . This will cherry-pick to
> stable/grizzly without any conflict if you want to backport it for your
> deployment.
>
> Aaron
>
>
> On Wed, Aug 14, 2013 at 9:10 AM, Steven Barnabas <sbarnabas at frontporch.com
> > wrote:
>
>> I am using GRE.
>>
>>  GRE packets which are encapsulated within IP will use IP protocol type
>> 47.
>>
>>  This is neither TCP nor UDP.
>>
>>
>>
>>  Steven Barnabas
>> Network Engineer
>> Front Porch, Inc.
>> 209-288-5580
>> 209-652-7733 mobile
>> www.frontporch.com
>>
>>
>>
>>   On Aug 13, 2013, at 2:58 PM, Adam Young <ayoung at redhat.com> wrote:
>>
>>  On 08/13/2013 04:51 PM, Steven Barnabas wrote:
>>
>> I have a basic Grizzly installation following these instructions.
>> https://github.com/mseknibilel/OpenStack-Grizzly-Install-Guide/blob/OVS_SingleNode/OpenStack_Grizzly_Install_Guide.rst
>>
>> Everything is working great, however....
>>
>> I am trying to send some traffic via a gre tunnel to an IP address of an
>> interface on my instance. This traffic is neither TCP or UDP. How do I
>> allow this traffic through my security group since I can only select TCP,
>> UDP, or ICMP. Is there a allow any any command?
>>
>>
>>
>> What protocol are you using?  Chances are it is either TCP or UDP.  HTTP
>> is TCP.
>>
>>
>>  Thank you.
>>
>>
>>
>>  Steven Barnabas
>> Network Engineer
>> Front Porch, Inc.
>> 209-288-5580
>> 209-652-7733 mobile
>> www.frontporch.com
>>
>>
>>
>>
>>
>> _______________________________________________
>> OpenStack-operators mailing listOpenStack-operators at lists.openstack.orghttp://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>>
>>
>>  _______________________________________________
>> OpenStack-operators mailing list
>> OpenStack-operators at lists.openstack.org
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>>
>>
>>
>> _______________________________________________
>> OpenStack-operators mailing list
>> OpenStack-operators at lists.openstack.org
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>>
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20130820/f004d69f/attachment.html>


More information about the OpenStack-operators mailing list