
guest to hypervisor traffic is unfiltered

asked 2014-04-23 17:27:20 -0500

dmartls1

Running CentOS 6.5/Havana using nova-network

network_manager = nova.network.manager.VlanManager
bridge_interface=bond0
vlan_interface=bond0
update_dns_entries=True
share_dhcp_address=True
multi_host=True
send_arp_for_ha=True

Services running on the hypervisor are accessible from any guest running on it through the IP associated with the bridge interface (where dnsmasq listens). Should there be a filter to drop any traffic other than dhcp, dns and metadata?

[dmartls1@workstation ~]# nova network-show 56717f84-1762-4b51-a2ee-0ddab40ae50e | grep gateway
| gateway             | 10.11.63.254                         |

[root@guest1 ~]# telnet 10.11.63.254 22
Trying 10.11.63.254...
Connected to 10.11.63.254.
Escape character is '^]'.
SSH-2.0-OpenSSH_5.3

1 answer


answered 2014-04-25 08:42:55 -0500

gmi

You should probably enable SSH to only listen on the management interface of the hypervisor.

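An added example, not part of the original question or answer: a small audit that reads `netstat -lntu` output on the hypervisor and lists every listener a guest can reach through the bridge IP, apart from the services the question names. The function names, the constructed sample output, and the default allow-list (DNS 53, DHCP 67, and 8775 as the assumed nova metadata port) are assumptions for illustration.

```shell
#!/bin/sh
# Added example: find hypervisor listeners reachable from guests via the bridge IP.
# stdin: output of `netstat -lntu`; $1: bridge/gateway IP;
# $2: optional allow-list of proto/port pairs (defaults below are assumptions).
guest_reachable() {
    bridge_ip=$1
    allowed=${2:-"tcp/53 udp/53 udp/67 tcp/8775"}
    awk -v ip="$bridge_ip" -v allowed="$allowed" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 ~ /^(tcp|udp)/ {
            proto = substr($1, 1, 3)               # tcp6/udp6 -> tcp/udp
            port = $4; sub(/.*:/, "", port)        # text after the last colon
            addr = $4; sub(/:[^:]*$/, "", addr)    # text before the last colon
            # Wildcard binds answer on every address, including the bridge IP.
            if (addr != ip && addr != "0.0.0.0" && addr != "::") next
            key = proto "/" port
            if (!(key in ok)) print key " " addr
        }'
}

# Constructed sample output (not captured from a real host); the gateway
# address is the one shown in the question.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN
tcp        0      0 10.11.63.254:53             0.0.0.0:*                   LISTEN
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:8775                0.0.0.0:*                   LISTEN
tcp        0      0 :::22                       :::*                        LISTEN
udp        0      0 10.11.63.254:53             0.0.0.0:*
udp        0      0 0.0.0.0:67                  0.0.0.0:*
EOF
}

# On a real hypervisor: netstat -lntu | guest_reachable 10.11.63.254
sample_netstat | guest_reachable 10.11.63.254
```

Each line printed is a candidate for binding to the management address only (for sshd, the `ListenAddress` directive) or for a drop rule on the bridge interface.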


Last updated: Apr 23 '14