Ask Your Question
0

Is the host computer firewall necessary? Icehouse

asked 2014-05-08 13:05:52 -0500

dro gravatar image

I just ran to an issue where the network node was not able to communicate with the message server, "controller" , when I disabled the firewall on the controller, I saw that it was able to connect without issue. Is the firewall necessary on the host machines?, controller, network and compute?

thanks

edit retag flag offensive close merge delete

2 answers

Sort by ยป oldest newest most voted
2

answered 2014-05-08 14:30:03 -0500

mpetason gravatar image

You don't have to run it on the controller. For the network/compute neutron handles the iptable rules, you could add custom rules to allow other traffic to the host if you wanted. It isn't required, but for security you may want to setup custom rules. If you have issues with configuring rules due to familiarity with iptables you could use the "tui" package. It provides a decent text based ui that guides you through setting up rules.

Package: system-config-firewall-tui

edit flag offensive delete link more
0

answered 2014-05-08 15:03:34 -0500

dro gravatar image

So can I disable it then? I would be providing hardware firewall into the network where i would block/allow traffic.

thanks for you response! :P

edit flag offensive delete link more

Comments

You can on the controller. You'll want to launch a few instances to see how neutron manages the iptables rules on the compute/network node. It has to setup NAT rules to let the floating IP addresses know where they need to go.

mpetason gravatar imagempetason ( 2014-05-08 15:06:49 -0500 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2014-05-08 13:05:52 -0500

Seen: 168 times

Last updated: May 08 '14