[Openstack-operators] Kilo neutron-ns-metadata-proxy Problem

Eren Türkay erent at skyatlas.com
Mon Aug 31 11:56:40 UTC 2015


I installed Kilo neutron. I can create networks, namespaces are created and
neutron-ns-metadata-proxy is running. However, VM's cannot get SSH keys. I've
isolated the problem down the network namespace and a particular iptables rule.
Here is the iptables rule, it accepts the packets marked with 0x1 and rejects it:

-A neutron-vpn-agen-INPUT -m mark --mark 0x1 -j ACCEPT
-A neutron-vpn-agen-INPUT -p tcp -m tcp --dport 8775 -j DROP

When I remove the DROP rule, everything works. My question is how are these
packages to is marked with 0x1? The iptables rules inside the
namespace can be found here: http://paste.ubuntu.com/12237691/


Eren Türkay, System Administrator
https://skyatlas.com/ | +90 850 885 0357

Yildiz Teknik Universitesi Davutpasa Kampusu
Teknopark Bolgesi, D2 Blok No:107
Esenler, Istanbul Pk.34220

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20150831/4c91e812/attachment.pgp>

More information about the OpenStack-operators mailing list