[Openstack] nova-network-INPUT (was Re: dns issue?)

Sharif Islam islamsh at indiana.edu
Tue Oct 11 18:55:40 UTC 2011



As Jorge was pointing out last week
(https://lists.launchpad.net/openstack/msg04596.html), the problem seems
to be iptables related. When I added these two rules, I was able to ping
google.com with 10.0.1.1 as the nameserver.


# iptables -I nova-network-INPUT 1 -p tcp --dport 53 -j ACCEPT
# iptables -I nova-network-INPUT 1 -p udp --dport 53 -j ACCEPT


However, as soon as a new instance starts, these two rules go away.

# iptables -L nova-network-INPUT
Chain nova-network-INPUT (1 references)
target     prot opt source               destination
ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:domain

I start a new instance, and a few seconds later:

# iptables -L nova-network-INPUT
Chain nova-network-INPUT (1 references)
target     prot opt source               destination

I also have these two rules:

# iptables -L -n|grep 67
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:67
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:67
# iptables -L -n|grep 53
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:53
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:53


Can someone explain how these iptables rules get created? I thought these
rules were generated by starting nova-network.

I also saw this: https://bugzilla.redhat.com/show_bug.cgi?id=734347. Not
sure if this is related. I am running RHEL 6.1.

thanks.


--sharif

-- 
Sharif Islam
Senior Systems Analyst/Programmer
FutureGrid (http://futuregrid.org)
Pervasive Technology Institute, Indiana University Bloomington