[Openstack-operators] [neutron] Kilo neutron-ns-metadata-proxy Problem
ihrachys at redhat.com
Mon Sep 7 08:52:42 UTC 2015
> On 07 Sep 2015, at 09:29, Eren Türkay <erent at skyatlas.com> wrote:
> On 31-08-2015 14:56, Eren Türkay wrote:
> Hello agiain,
>> I installed Kilo neutron. I can create networks, namespaces are created and
>> neutron-ns-metadata-proxy is running. However, VM's cannot get SSH keys. I've
>> isolated the problem down the network namespace and a particular iptables rule.
>> Here is the iptables rule, it accepts the packets marked with 0x1 and rejects it:
>> -A neutron-vpn-agen-INPUT -m mark --mark 0x1 -j ACCEPT
>> -A neutron-vpn-agen-INPUT -p tcp -m tcp --dport 8775 -j DROP
>> When I remove the DROP rule, everything works. My question is how are these
>> packages to 126.96.36.199 is marked with 0x1? The iptables rules inside the
>> namespace can be found here: http://paste.ubuntu.com/12237691/
> I am still stuck at this problem. Has anyone experienced it? I would be really
> happy if someone can give a tip regarding to the issue.
See metadata_access_mark option in etc/l3_agent.ini
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 455 bytes
Desc: Message signed with OpenPGP using GPGMail
More information about the OpenStack-operators