[openstack-dev] [openstack]host not reachable with iptables reject after init
Brian Haley
brian.haley at hpe.com
Mon Nov 9 16:30:56 UTC 2015
On 11/09/2015 09:55 AM, Wilence Yao wrote:
> Hi all,
> After I ran devstack/stack.sh to completion, I found that the API is not reachable.
> After some checking, I found that some iptables rules cause the problem:
<snip>
> ```
> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
> REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
> ```
>
> The last two rules reject all access to the host except port 22 (ssh). Why
> should devstack add these two rules on the host?
The devstack scripts don't add either of those rules; my guess is your distro
has locked things down by default. So you'll need to figure out how best to
deal with it, either disabling completely or opening all the ports you'll need
for devstack to function.
-Brian
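
As an added example (not part of the original thread and not devstack code): a small Python check that applies iptables' first-match ordering to an `iptables -L INPUT -n` listing, showing which destination ports a new TCP connection reaches before the catch-all REJECT. The sample listing, its RELATED,ESTABLISHED rule, and port 5000 are constructed; the model ignores interfaces and skips rules narrowed to specific addresses.

```python
import re

# Constructed sample of `iptables -L INPUT -n` output, modelled on the two
# rules quoted in the thread (not captured from a real host).
SAMPLE = """\
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:22
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited
"""

RULE = re.compile(r"^(?P<target>\S+)\s+(?P<prot>\S+)\s+\S+\s+"
                  r"(?P<src>\S+)\s+(?P<dst>\S+)\s*(?P<extra>.*)$")
ANY = "0.0.0.0/0"

def parse_chain(listing):
    """Return (policy, rules) for a single-chain listing."""
    policy, rules = "ACCEPT", []
    for line in listing.splitlines():
        head = re.match(r"^Chain \S+ \(policy (\w+)", line)
        if head:
            policy = head.group(1)
            continue
        m = RULE.match(line)
        if m and m.group("target") != "target":  # skip the column header
            rules.append(m.groupdict())
    return policy, rules

def verdict_for_new_tcp(listing, dport):
    """First-match verdict for a NEW inbound TCP connection to dport."""
    policy, rules = parse_chain(listing)
    for r in rules:
        if r["prot"] not in ("tcp", "all") or r["src"] != ANY or r["dst"] != ANY:
            continue  # address-narrowed rules are skipped in this simplified model
        state = re.search(r"state (\S+)", r["extra"])
        if state and "NEW" not in state.group(1).split(","):
            continue  # e.g. RELATED,ESTABLISHED does not match a new connection
        ports = re.search(r"dpts?:(\d+)(?::(\d+))?", r["extra"])
        if ports:
            lo = int(ports.group(1))
            hi = int(ports.group(2) or lo)
            if not lo <= dport <= hi:
                continue
        return r["target"]  # the first matching rule decides
    return policy  # nothing matched: the chain policy applies

if __name__ == "__main__":
    for port in (22, 5000):  # 5000 is a constructed example of an API port
        print(port, verdict_for_new_tcp(SAMPLE, port))
```

An ACCEPT rule for a needed port only takes effect if it sits above the catch-all REJECT, which is why appending rules to the end of such a chain does not open anything.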