<div dir="ltr">Hmm... anyone else experienced this problem?</div><div class="gmail_extra"><br><br><div class="gmail_quote">On Fri, Dec 6, 2013 at 1:05 PM, Matt Kassawara <span dir="ltr"><<a href="mailto:mkassawara@gmail.com" target="_blank">mkassawara@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">I installed Havana with Neutron on Scientific Linux 6.4 using the official installation guide. I added the following rules to the default security group to enable inbound ping and secure shell access to my instances with floating IPs:<div>
<br></div><div>nova secgroup-add-rule default icmp -1 -1 <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a><br></div><div>nova secgroup-add-rule default tcp 22 22 <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a><br>
</div><div><br></div><div>
Output from "nova secgroup-list-rules default" shows the rules:</div><div><br></div><div>+-------------+-----------+---------+-----------+--------------+</div><div>| IP Protocol | From Port | To Port | IP Range | Source Group |</div>
<div>+-------------+-----------+---------+-----------+--------------+</div><div>| | | | | default |</div><div>| | | | | default |</div>
<div>| tcp | 22 | 22 | <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> | |</div><div>| icmp | -1 | -1 | <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> | |</div>
<div>+-------------+-----------+---------+-----------+--------------+</div>
<div><br></div><div>However, after launching an instance and assigning a floating IP, I cannot ping the instance or access it via secure shell. According to iptables on the compute node, no rules exist from the security group applied to the instance.</div>
<div><br></div><div><div><div># iptables -S neutron-openvswi-i58a501c3-4</div><div>-N neutron-openvswi-i58a501c3-4</div><div>-A neutron-openvswi-i58a501c3-4 -m state --state INVALID -j DROP</div><div>-A neutron-openvswi-i58a501c3-4 -m state --state RELATED,ESTABLISHED -j RETURN</div>
<div>-A neutron-openvswi-i58a501c3-4 -s <a href="http://192.168.240.3/32" target="_blank">192.168.240.3/32</a> -p udp -m udp --sport 67 --dport 68 -j RETURN</div><div>-A neutron-openvswi-i58a501c3-4 -j neutron-openvswi-sg-fallback</div>
</div>
<div><br></div></div><div>Meanwhile, I'm also running a similar deployment of Havana on Ubuntu 12.04, also built using the official installation guide. According to iptables on the compute node, rules from the security group applied to the instance successfully propagate to it. I can ping the instance and access it via secure shell.</div>
<div><br></div><div><div><div># iptables -S neutron-openvswi-ibd9ba559-2</div><div>-N neutron-openvswi-ibd9ba559-2</div><div>-A neutron-openvswi-ibd9ba559-2 -m state --state INVALID -j DROP</div><div>-A neutron-openvswi-ibd9ba559-2 -m state --state RELATED,ESTABLISHED -j RETURN</div>
<div>-A neutron-openvswi-ibd9ba559-2 -p icmp -j RETURN</div><div>-A neutron-openvswi-ibd9ba559-2 -p tcp -m tcp --dport 22 -j RETURN</div><div>-A neutron-openvswi-ibd9ba559-2 -s <a href="http://192.168.240.3/32" target="_blank">192.168.240.3/32</a> -p udp -m udp --sport 67 --dport 68 -j RETURN</div>
<div>-A neutron-openvswi-ibd9ba559-2 -j neutron-openvswi-sg-fallback</div></div><div><br></div></div><div>I haven't found any obvious errors in the logs on the Scientific Linux deployment. Has anyone else experienced this problem?</div>
<div><br></div><div>Thanks,</div><div>Matt</div></div>
</blockquote></div><br></div>