[Openstack] [Quantum/Neutron] VM cannot get IP address from DHCP server

David Kang dkang at isi.edu
Tue Jul 23 17:13:27 UTC 2013


 We use CentOS 6.4, which does not support network namespace.
So "ip netns .." fails.

 Thanks,
 David

----- Original Message -----
> that will not show the rules for the instance. try this
> ip netns exec <yourrouter-uuid> iptables -nxvL
> 
> 
> On Jul 23, 2013, at 09:59 , David Kang <dkang at isi.edu> wrote:
> 
> >
> > Thank you for your suggestion.
> >
> > We are using Quantum/Neutron not nova-network.
> > So, we don't use br100.
> > (I believe you are using nova-network.)
> >
> > And the firewall rules that cause problem reside on the Quantum node
> > not on the nova-compute node.
> > I cannot find any rule for "--dport 67" on my Quantum node.
> > I used "service iptables status" command to check the firewall
> > rules.
> >
> > Thanks,
> > David
> >
> >
> > ----- Original Message -----
> >> Hi,
> >>
> >> Please can you look up in the iptables?
> >> Normally on a working openstack host the packets comming in the
> >> filter
> >> table in the input chain are directed to the nova-network-INPUT
> >> which
> >> has a rule to accept dhcp packets.
> >> On my setup is something like:
> >> -A INPUT -j nova-network-INPUT
> >>
> >> .
> >> .
> >> .
> >> -A nova-network-INPUT -i br100 -p udp -m udp --dport 67 -j ACCEPT
> >>
> >>
> >> So I think you have to look somewhere else for your issue.
> >>
> >>
> >> Regards,
> >> Gabriel
> >>
> >>
> >>
> >>
> >>
> >>
> >> From: David Kang <dkang at isi.edu>
> >> To: "openstack at lists.launchpad.net (openstack at lists.launchpad.net)"
> >> <openstack at lists.launchpad.net>
> >> Sent: Tuesday, July 23, 2013 7:22 PM
> >> Subject: [Openstack] [Quantum/Neutron] VM cannot get IP address
> >> from
> >> DHCP server
> >>
> >>
> >>
> >> Hi,
> >>
> >> We are running OpenStack Folsom on CentOS 6.4.
> >> Quantum-linuxbridge-agent is used.
> >> By default, the Quantum node has the following entries in its
> >> /etc/sysconfig/iptables file.
> >>
> >> -A INPUT -j REJECT --reject-with icmp-host-prohibited
> >> -A FORWARD -j REJECT --reject-with icmp-host-prohibited
> >>
> >> With those two lines, VM cannot get IP address from the DHCP server
> >> running on the Quantum node.
> >> More specifically, the first line prevents a VM from getting IP
> >> address from DHCP server.
> >> The second line prevents a VM from talking to other VMs and
> >> external
> >> worlds.
> >> Is there a better way to make the Quantum network work well
> >> than just commenting them out?
> >>
> >> I'll appreciate your help.
> >>
> >> David
> >>
> >> --
> >> ----------------------
> >> Dr. Dong-In "David" Kang
> >> Computer Scientist
> >> USC/ISI
> >>
> >> _______________________________________________
> >> Mailing list: https://launchpad.net/~openstack
> >> Post to : openstack at lists.launchpad.net
> >> Unsubscribe : https://launchpad.net/~openstack
> >> More help : https://help.launchpad.net/ListHelp
> >
> > --
> > ----------------------
> > Dr. Dong-In "David" Kang
> > Computer Scientist
> > USC/ISI
> >
> > _______________________________________________
> > Mailing list: https://launchpad.net/~openstack
> > Post to : openstack at lists.launchpad.net
> > Unsubscribe : https://launchpad.net/~openstack
> > More help : https://help.launchpad.net/ListHelp
> >
> > !DSPAM:2,51eeb6bc294852088044995!
> >

-- 
----------------------
Dr. Dong-In "David" Kang
Computer Scientist
USC/ISI




More information about the Openstack mailing list