Here's the iptables-save result of the compute node.

# Generated by iptables-save v1.4.4 on Tue Apr 19 20:27:13 2011
*nat
:PREROUTING ACCEPT [229:43562]
:POSTROUTING ACCEPT [10:622]
:OUTPUT ACCEPT [11:693]
:nova-compute-OUTPUT - [0:0]
:nova-compute-POSTROUTING - [0:0]
:nova-compute-PREROUTING - [0:0]
:nova-compute-floating-snat - [0:0]
:nova-compute-snat - [0:0]
:nova-postrouting-bottom - [0:0]
-A PREROUTING -j nova-compute-PREROUTING
-A PREROUTING -d 169.254.169.254/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 121.166.195.54:8773
-A POSTROUTING -j nova-compute-POSTROUTING
-A POSTROUTING -j nova-postrouting-bottom
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
-A OUTPUT -j nova-compute-OUTPUT
-A nova-compute-snat -j nova-compute-floating-snat
-A nova-postrouting-bottom -j nova-compute-snat
COMMIT
# Completed on Tue Apr 19 20:27:13 2011

# Generated by iptables-save v1.4.4 on Tue Apr 19 20:27:13 2011
*filter
:INPUT ACCEPT [475311:42792648]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [928238:74704384]
:nova-compute-FORWARD - [0:0]
:nova-compute-INPUT - [0:0]
:nova-compute-OUTPUT - [0:0]
:nova-compute-inst-18 - [0:0]
:nova-compute-local - [0:0]
:nova-compute-sg-fallback - [0:0]
:nova-filter-top - [0:0]
-A INPUT -j nova-compute-INPUT
-A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
-A FORWARD -j nova-filter-top
-A FORWARD -j nova-compute-FORWARD
-A FORWARD -d 192.168.122.0/24 -o virbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT
-A FORWARD -i virbr0 -o virbr0 -j ACCEPT
-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -j nova-filter-top
-A OUTPUT -j nova-compute-OUTPUT
-A nova-compute-FORWARD -i br100 -j ACCEPT
-A nova-compute-FORWARD -o br100 -j ACCEPT
-A nova-compute-inst-18 -m state --state INVALID -j DROP
-A nova-compute-inst-18 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A nova-compute-inst-18 -s 10.0.0.1/32 -p udp -m udp --sport 67 --dport 68 -j ACCEPT
-A nova-compute-inst-18 -s 10.0.0.0/26 -j ACCEPT
-A nova-compute-inst-18 -j nova-compute-sg-fallback
-A nova-compute-local -d 10.0.0.3/32 -j nova-compute-inst-18
-A nova-compute-sg-fallback -j DROP
-A nova-filter-top -j nova-compute-local
COMMIT
# Completed on Tue Apr 19 20:27:13 2011