[Openstack] Security Groups Can't Apply in Kilo with Neutron & XenServer

Adhi Priharmanto adhi.pri at gmail.com
Tue Mar 15 02:01:05 UTC 2016


Here's my security groups list:

#  neutron security-group-rule-list
+--------------------------------------+----------------+-----------+----------+------------------+--------------+
| id                                   | security_group | direction | protocol | remote_ip_prefix | remote_group |
+--------------------------------------+----------------+-----------+----------+------------------+--------------+
| 0d814f8a-fd79-4a86-8fb4-4d769fc8b28e | default        | egress    |          |                  |              |
| 12d1c7ea-1b42-417b-a620-e5a0bb10e7fd | default        | egress    |          |                  |              |
| 25de2b38-503b-47e1-8d73-a52e87425eba | default        | ingress   |          |                  | default      |
| 43fc5af3-1dd5-4276-8d05-9f79ce6c3743 | default        | egress    |          |                  |              |
| 5157d898-5cd4-48b8-8290-2159aebb82bf | default        | ingress   | icmp     | 0.0.0.0/0        |              |
| 7403a747-23cc-4a05-bec1-9f1fc0e56b78 | default        | ingress   |          |                  | default      |
| 968d51f4-b506-47bd-b450-9fb58f26979b | adhi           | egress    |          |                  |              |
| bda9e450-3560-449e-bf2b-22202eb8baf8 | adhi           | ingress   | icmp     | 0.0.0.0/0        |              |
| d24d311c-c6b8-4b94-9919-155e0e106dee | adhi           | egress    |          |                  |              |
| da9237b6-769d-4c0c-82be-1ee14e88a2c3 | default        | ingress   |          |                  | default      |
| f66c3883-b32e-4871-a5f2-a3b2bfc468bc | default        | ingress   |          |                  | default      |
| fd041a73-8c5b-4e14-8053-1ed7beabf448 | default        | egress    |          |                  |              |
+--------------------------------------+----------------+-----------+----------+------------------+--------------+

On Tue, Mar 15, 2016 at 2:17 AM, Remo Mattei <remo at italy1.com> wrote:

> Can you share your security group rules?
>
> On Mar 13, 2016, at 20:56, Adhi Priharmanto <adhi.pri at gmail.com> wrote:
>
> Hi all,
>
> I have OpenStack Kilo installed in my lab. For the compute hypervisor I use
> XenServer 6.5, and for networking I use Neutron OVS. For the Controller,
> Network, and Compute nodes I'm using Ubuntu 14.04.
>
> My problem is that security group rules aren't applied to the instances
> that are created. For example, there is no rule for SSH port 22 in the
> security group I defined for the instance, but an instance with a floating
> IP can still be logged into by SSH from the external network.
>
> I've already added this option to my nova.conf
>
> firewall_driver=nova.virt.xenapi.firewall.Dom0IptablesFirewallDriver
>
> and also defined firewall_driver on my ml2_conf.ini at Controller,
> Network, and Compute node
>
> [ovs]
> enable_security_group = True
> enable_ipset = True
> firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
>
> Can somebody help me with this problem?
>


-- 
Cheers,



Adhi Priharmanto
about.me/a_dhi <http://about.me/a_dhi?promo=email_sig>
+62-812-82121584
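
Added example, not part of this thread and not Neutron's own code: Neutron's agents look up enable_security_group, enable_ipset and firewall_driver in the [securitygroup] group of the ML2 configuration, so this check reports those options when a file sets them in any other section, as the quoted ml2_conf.ini fragment does under [ovs]. The sample configs are constructed from that fragment, and the function names are hypothetical.

```python
import configparser

# Options Neutron's agents look up in the [securitygroup] group.
SG_OPTS = ("enable_security_group", "enable_ipset", "firewall_driver")

# Constructed sample: the ml2_conf.ini fragment quoted in the message above,
# with the wrapped firewall_driver value rejoined onto one line.
POSTED = """\
[ovs]
enable_security_group = True
enable_ipset = True
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
"""

# Constructed sample: the same three options under [securitygroup].
RELOCATED = POSTED.replace("[ovs]", "[securitygroup]")


def _parse(ini_text):
    # default_section is renamed so [DEFAULT] values are not merged into every
    # section; each option is then reported only where it was written.
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   default_section="__unused__")
    cp.read_string(ini_text)
    return cp


def misplaced_sg_opts(ini_text):
    """Return sorted (section, option) pairs set outside [securitygroup]."""
    cp = _parse(ini_text)
    return sorted((sec, opt) for sec in cp.sections()
                  if sec.lower() != "securitygroup"
                  for opt in cp.options(sec) if opt in SG_OPTS)


def securitygroup_values(ini_text):
    """Return what is actually set in [securitygroup]; None means unset."""
    cp = _parse(ini_text)
    sec = next((s for s in cp.sections() if s.lower() == "securitygroup"), None)
    return {opt: (cp.get(sec, opt, fallback=None) if sec else None)
            for opt in SG_OPTS}


if __name__ == "__main__":
    for name, text in (("posted", POSTED), ("relocated", RELOCATED)):
        print(name, misplaced_sg_opts(text), securitygroup_values(text))
```

An option reported as None is unset in [securitygroup], so the agent uses its built-in default for it regardless of what another section says.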