
Security group does not work between two internal subnets?

asked 2014-05-23 08:52:59 -0600

autumnw

updated 2014-05-23 09:18:33 -0600


I have two internal subnets in one tenant:

  • Subnet A:
  • Subnet B:

And one external subnet:


All three subnets connect to the same router (router01). I want to put my web server into subnet A with external access, and I want to put my DB server into subnet B. I just want the web server to be able to access the DB server through port 3306 (for MySQL). For security reasons, I don't want the web server to be able to access the DB server through SSH (port 22). So I applied the following security rule on the DB server. But after that, I can still SSH to my DB server from my web server.

Direction   Ether Type   IP Protocol   Port Range   Remote
Ingress     IPv4         ICMP          -            (CIDR)

This is a simple ENV which is built with packstack Icehouse, with a GRE network; it is an all-in-one box. So did I understand the security group wrong, or is anything wrong in my ENV? Could someone shed light on what I should check further?



Is it the only security group applied to the DB server? Because you can add more than one SG with different security rules to each server. Please check it out.

Could you post the security groups you have (with the associated security rules) and their corresponding mapping to VMs?

Antonio G. (2014-05-23 09:41:31 -0600)
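The check the comment above asks for, as an added example that is not part of the original thread and is not OpenStack code: a simplified model of how ingress rules combine when a port belongs to more than one security group (rules only allow, and a packet passes if any rule in any attached group matches). The group names, addresses and the 3306 rule are constructed, and it assumes the DB port still carries the `default` group, whose stock rule admits traffic from other members of `default`.

```python
# Added example: simplified model of Neutron ingress filtering, not OpenStack code.
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    protocol: Optional[str] = None      # None = any protocol
    port_min: Optional[int] = None      # None = any port
    port_max: Optional[int] = None
    remote_cidr: Optional[str] = None   # match on source network
    remote_group: Optional[str] = None  # match on source port's group membership

def rule_matches(rule, src_ip, src_groups, protocol, port):
    if rule.protocol is not None and rule.protocol != protocol:
        return False
    if rule.port_min is not None:
        if port is None or not (rule.port_min <= port <= rule.port_max):
            return False
    if rule.remote_group is not None:
        return rule.remote_group in src_groups
    if rule.remote_cidr is not None:
        return ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule.remote_cidr)
    return True  # no remote restriction on this rule

def ingress_verdict(port_groups, all_groups, src_ip, src_groups, protocol, port):
    """Names of the attached groups that admit the packet; empty list means dropped."""
    return [name for name in port_groups
            if any(rule_matches(r, src_ip, src_groups, protocol, port)
                   for r in all_groups[name])]

# Constructed sample data (hypothetical names and addresses).
GROUPS = {
    "default": [Rule(remote_group="default")],  # stock rule: allow from same group
    "db-sg": [Rule(protocol="tcp", port_min=3306, port_max=3306,
                   remote_cidr="10.0.1.0/24")],
}
WEB = {"ip": "10.0.1.10", "groups": ["default", "web-sg"]}

def check(db_port_groups, protocol, port):
    return ingress_verdict(db_port_groups, GROUPS, WEB["ip"], WEB["groups"],
                           protocol, port)

if __name__ == "__main__":
    for groups in (["default", "db-sg"], ["db-sg"]):
        print(groups, "ssh via:", check(groups, "tcp", 22),
              "mysql via:", check(groups, "tcp", 3306))
```

With both groups attached, SSH is admitted by `default` alone; with only `db-sg` on the DB port, SSH is dropped and 3306 still passes.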

1 answer


answered 2014-05-23 09:37:29 -0600

SGPJ

updated 2014-05-23 09:42:54 -0600

Can you set up Firewall as a Service in OpenStack, apply the above rule on both ends and test?



Asked: 2014-05-23 08:52:59 -0600

Seen: 82 times

Last updated: May 23 '14