[Openstack] Security Group of Quantum ovs plugin (Folsom) is not working
Chandler Li
lichandler116 at gmail.com
Fri Jun 14 03:25:27 UTC 2013
Hello,
I'm trying to use security group of Quantum ovs plugin(Folsom) in CentOS
6.3 (2012.2.3-1.el6 at epel).
Everything looks good, except security group,
and there are no error message in /var/log/nova/compute.log file.
After I created VM, I can see the bridges and interfaces have been created
normally.
[root at compute1 ~]# brctl show
bridge name bridge id STP enabled interfaces
br-int 0000.3eca2e714b4d no qvo756ead5d-32
br-tun 0000.824651aab541 no
qbr756ead5d-32 0000.ca57ea41484c no
qvb756ead5d-32
vnet0
The chain rules in filter table of iptables can reflect security group
rules correctly too.
Chain nova-compute-inst-749 (1 references)
num target prot opt source destination
1 DROP all -- 0.0.0.0/0 0.0.0.0/0
state INVALID
2 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
3 nova-compute-provider all -- 0.0.0.0/0 0.0.0.0/0
4 ACCEPT udp -- 10.0.0.2 0.0.0.0/0 udp
spt:67 dpt:68
5 ACCEPT all -- 10.0.0.0/24 0.0.0.0/0
6 nova-compute-sg-fallback all -- 0.0.0.0/0 0.0.0.0/0
Obviously, the packets do not follow these rules correctly.
Please advise me how to resolve this problem.
Thanks a lot,
Chandler
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20130614/d398aea3/attachment.html>
More information about the Openstack
mailing list