[openstack-dev] [openstack]host not reachable with iptables reject after init
Wilence Yao
wilence.yao at gmail.com
Mon Nov 9 14:55:43 UTC 2015
Hi all,
After running devstack/stack.sh to completion, I found that the API is not
reachable. After some checking, I found that some iptables rules cause the problem:
```
Chain INPUT (policy ACCEPT)
target prot opt source destination
nova-network-INPUT all -- 0.0.0.0/0 0.0.0.0/0
neutron-openvswi-INPUT all -- 0.0.0.0/0 0.0.0.0/0
nova-api-INPUT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:67
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:67
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
```
The last two rules reject all access to the host except port 22 (ssh). Why
should devstack add these two rules on the host?
Wilence Yao
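
An added example, not part of the original post: a first-match walk over the INPUT rows listed above, showing which rule decides the fate of a new connection. As printed, the bare `ACCEPT all` row would match before the final REJECT, so a REJECT can only be reached if that row carries a match that `iptables -L -n` does not print (interfaces appear only with `-v`). Port 8080, `eth0`, and the loopback restriction are assumptions made for illustration.

```python
# Rows copied from the INPUT listing in the post. The jumps to the nova/neutron
# chains are omitted: their contents are not shown, so they are assumed to
# return without a verdict.
LISTING = """\
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:67
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:67
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
"""

def parse(listing):
    """Turn each `iptables -L -n` row into a dict of the matches it prints."""
    rules = []
    for line in listing.splitlines():
        target, proto, _opt, _src, _dst, *extra = line.split()
        # in_iface stays None: -L -n prints no interface column (only -v does)
        rule = {"target": target, "proto": proto, "dport": None,
                "states": None, "in_iface": None}
        for i, tok in enumerate(extra):
            if tok.startswith("dpt:"):
                rule["dport"] = int(tok[4:])
            elif tok == "state":
                rule["states"] = set(extra[i + 1].split(","))
        rules.append(rule)
    return rules

def first_match(rules, proto, dport, state, iface):
    """Return (1-based position, target) of the first rule matching the packet."""
    for n, r in enumerate(rules, 1):
        if (r["proto"] in ("all", proto)
                and r["dport"] in (None, dport)
                and (r["states"] is None or state in r["states"])
                and r["in_iface"] in (None, iface)):
            return n, r["target"]
    return None, "POLICY"

if __name__ == "__main__":
    rules = parse(LISTING)
    print(first_match(rules, "tcp", 8080, "NEW", "eth0"))  # listing as printed
    rules[6]["in_iface"] = "lo"  # assumption: a restriction only -v would show
    print(first_match(rules, "tcp", 8080, "NEW", "eth0"))
    print(first_match(rules, "tcp", 22, "NEW", "eth0"))
```

On a live host, `iptables -L INPUT -n -v --line-numbers` or `iptables -S INPUT` shows the full match of every rule, including interfaces.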