Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

Yes, 9.2.156.126 is the public IP of Server A (eth0). Here is the output of iptables for this server followed by that of Server B (9.2.156.124):

mb@sysnet45: ~mb@sysnet45:~$ iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination
nova-compute-INPUT all -- anywhere anywhere
nova-network-INPUT all -- anywhere anywhere
nova-manage-INPUT all -- anywhere anywhere
nova-api-INPUT all -- anywhere anywhere
ACCEPT udp -- anywhere anywhere udp dpt:domain ACCEPT tcp -- anywhere anywhere tcp dpt:domain ACCEPT udp -- anywhere anywhere udp dpt:bootps ACCEPT tcp -- anywhere anywhere tcp dpt:bootps ACCEPT gre -- anywhere anywhere

Chain FORWARD (policy ACCEPT) target prot opt source destination
nova-filter-top all -- anywhere anywhere
nova-compute-FORWARD all -- anywhere anywhere
nova-network-FORWARD all -- anywhere anywhere
nova-manage-FORWARD all -- anywhere anywhere
nova-api-FORWARD all -- anywhere anywhere
ACCEPT all -- anywhere 192.168.122.0/24 state RELATED,ESTABLISHED ACCEPT all -- 192.168.122.0/24 anywhere
ACCEPT all -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable REJECT all -- anywhere anywhere reject-with icmp-port-unreachable

Chain OUTPUT (policy ACCEPT) target prot opt source destination
nova-filter-top all -- anywhere anywhere
nova-compute-OUTPUT all -- anywhere anywhere
nova-network-OUTPUT all -- anywhere anywhere
nova-manage-OUTPUT all -- anywhere anywhere
nova-api-OUTPUT all -- anywhere anywhere

Chain nova-api-FORWARD (1 references) target prot opt source destination

Chain nova-api-INPUT (1 references) target prot opt source destination
ACCEPT tcp -- anywhere sysnet45.watson.ibm.com tcp dpt:8775

Chain nova-api-OUTPUT (1 references) target prot opt source destination

Chain nova-api-local (1 references) target prot opt source destination

Chain nova-compute-FORWARD (1 references) target prot opt source destination

Chain nova-compute-INPUT (1 references) target prot opt source destination

Chain nova-compute-OUTPUT (1 references) target prot opt source destination

Chain nova-compute-inst-12 (1 references) target prot opt source destination
DROP all -- anywhere anywhere state INVALID ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED nova-compute-provider all -- anywhere anywhere
ACCEPT udp -- reserved-9-9-9-1.atlanta.ibm.com anywhere udp spt:bootps dpt:bootpc ACCEPT all -- 9.9.9.0/24 anywhere
nova-compute-sg-fallback all -- anywhere anywhere

Chain nova-compute-inst-3 (1 references) target prot opt source destination
DROP all -- anywhere anywhere state INVALID ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED nova-compute-provider all -- anywhere anywhere
ACCEPT udp -- sysnet45.local anywhere udp spt:bootps dpt:bootpc ACCEPT all -- 9.9.8.0/24 anywhere
nova-compute-sg-fallback all -- anywhere anywhere

Chain nova-compute-inst-7 (1 references) target prot opt source destination
DROP all -- anywhere anywhere state INVALID ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED nova-compute-provider all -- anywhere anywhere
ACCEPT udp -- reserved-9-9-9-1.atlanta.ibm.com anywhere udp spt:bootps dpt:bootpc ACCEPT all -- 9.9.9.0/24 anywhere
nova-compute-sg-fallback all -- anywhere anywhere

Chain nova-compute-inst-9 (1 references) target prot opt source destination
DROP all -- anywhere anywhere state INVALID ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED nova-compute-provider all -- anywhere anywhere
ACCEPT udp -- sysnet45.local anywhere udp spt:bootps dpt:bootpc ACCEPT all -- 9.9.8.0/24 anywhere
nova-compute-sg-fallback all -- anywhere anywhere

Chain nova-compute-local (1 references) target prot opt source destination
nova-compute-inst-3 all -- anywhere 9.9.8.2
nova-compute-inst-7 all -- anywhere reserved-9-9-9-2.atlanta.ibm.com nova-compute-inst-9 all -- anywhere 9.9.8.5
nova-compute-inst-12 all -- anywhere reserved-9-9-9-4.atlanta.ibm.com

Chain nova-compute-provider (4 references) target prot opt source destination

Chain nova-compute-sg-fallback (4 references) target prot opt source destination
DROP all -- anywhere anywhere

Chain nova-filter-top (2 references) target prot opt source destination
nova-compute-local all -- anywhere anywhere
nova-network-local all -- anywhere anywhere
nova-manage-local all -- anywhere anywhere
nova-api-local all -- anywhere anywhere

Chain nova-manage-FORWARD (1 references) target prot opt source destination

Chain nova-manage-INPUT (1 references) target prot opt source destination

Chain nova-manage-OUTPUT (1 references) target prot opt source destination

Chain nova-manage-local (1 references) target prot opt source destination

Chain nova-network-FORWARD (1 references) target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere

Chain nova-network-INPUT (1 references) target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:bootps ACCEPT tcp -- anywhere anywhere tcp dpt:bootps ACCEPT udp -- anywhere anywhere udp dpt:domain ACCEPT tcp -- anywhere anywhere tcp dpt:domain ACCEPT udp -- anywhere anywhere udp dpt:bootps ACCEPT tcp -- anywhere anywhere tcp dpt:bootps ACCEPT udp -- anywhere anywhere udp dpt:domain ACCEPT tcp -- anywhere anywhere tcp dpt:domain ACCEPT udp -- anywhere anywhere udp dpt:bootps ACCEPT tcp -- anywhere anywhere tcp dpt:bootps ACCEPT udp -- anywhere anywhere udp dpt:domain ACCEPT tcp -- anywhere anywhere tcp dpt:domain

Chain nova-network-OUTPUT (1 references) target prot opt source destination

Chain nova-network-local (1 references) target prot opt source destination

========================================================

Chain INPUT (policy ACCEPT) target prot opt source destination
nova-compute-INPUT all -- anywhere anywhere
ACCEPT gre -- anywhere anywhere

Chain FORWARD (policy ACCEPT) target prot opt source destination
nova-filter-top all -- anywhere anywhere
nova-compute-FORWARD all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT) target prot opt source destination
nova-filter-top all -- anywhere anywhere
nova-compute-OUTPUT all -- anywhere anywhere

Chain nova-compute-FORWARD (1 references) target prot opt source destination

Chain nova-compute-INPUT (1 references) target prot opt source destination

Chain nova-compute-OUTPUT (1 references) target prot opt source destination

Chain nova-compute-inst-11 (1 references) target prot opt source destination
DROP all -- anywhere anywhere state INVALID ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED nova-compute-provider all -- anywhere anywhere
ACCEPT udp -- 9.9.8.1 anywhere udp spt:bootps dpt:bootpc ACCEPT all -- 9.9.8.0/24 anywhere
nova-compute-sg-fallback all -- anywhere anywhere

Chain nova-compute-inst-13 (2 references) target prot opt source destination
DROP all -- anywhere anywhere state INVALID ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED nova-compute-provider all -- anywhere anywhere
ACCEPT udp -- reserved-9-9-9-1.atlanta.ibm.com anywhere udp spt:bootps dpt:bootpc ACCEPT udp -- 10.0.0.1 anywhere udp spt:bootps dpt:bootpc ACCEPT all -- 9.9.9.0/24 anywhere
ACCEPT all -- 10.0.0.0/24 anywhere
nova-compute-sg-fallback all -- anywhere anywhere

Chain nova-compute-inst-5 (1 references) target prot opt source destination
DROP all -- anywhere anywhere state INVALID ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED nova-compute-provider all -- anywhere anywhere
ACCEPT udp -- 9.9.8.1 anywhere udp spt:bootps dpt:bootpc ACCEPT all -- 9.9.8.0/24 anywhere
nova-compute-sg-fallback all -- anywhere anywhere

Chain nova-compute-inst-8 (1 references) target prot opt source destination
DROP all -- anywhere anywhere state INVALID ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED nova-compute-provider all -- anywhere anywhere
ACCEPT udp -- reserved-9-9-9-1.atlanta.ibm.com anywhere udp spt:bootps dpt:bootpc ACCEPT all -- 9.9.9.0/24 anywhere
nova-compute-sg-fallback all -- anywhere anywhere

Chain nova-compute-local (1 references) target prot opt source destination
nova-compute-inst-5 all -- anywhere 9.9.8.4
nova-compute-inst-8 all -- anywhere wrp-bc-1a-ge2-1.atlanta.ibm.com nova-compute-inst-11 all -- anywhere 9.9.8.7
nova-compute-inst-13 all -- anywhere reserved-9-9-9-5.atlanta.ibm.com nova-compute-inst-13 all -- anywhere 10.0.0.6

Chain nova-compute-provider (4 references) target prot opt source destination

Chain nova-compute-sg-fallback (4 references) target prot opt source destination
DROP all -- anywhere anywhere

Chain nova-filter-top (2 references) target prot opt source destination
nova-compute-local all -- anywhere anywhere