Ask Your Question
1

Which ports do I need to open to allow NoVNC console access in Horizon?

asked 2014-09-21 06:30:44 -0600

stdg11 gravatar image

Im struggling to get the NoVNC console working in Horizon for access from home. When I open all TCP ports on the firewall(FortiGate) it works fine.

I've tried opening port 6080 and all sorts of other combinations with results from netstat and docs online including http://docs.openstack.org/trunk/config-reference/content/firewalls-default-ports.html (http://docs.openstack.org/trunk/confi...)

Which ports have you guys got open?

Thanks, Daniel

edit retag flag offensive close merge delete

2 answers

Sort by ยป oldest newest most voted
1

answered 2014-11-20 16:44:02 -0600

stdg11 gravatar image

Tuns out this was a simple one. On the FortiGate firewall I had set source and destination port too 6080. Upon leaving the source as blank allowing any port and destination 6080 it worked.

edit flag offensive delete link more
2

answered 2014-09-21 10:55:35 -0600

larsks gravatar image

In order to access the NoVNC console, you need the following ports open on the server:

  • Ports 80 and/or 443, for accessing the Horizon GUI itself.
  • Port 6080, for accessing the console URL

You also need to permit the system running the novnc proxy to have access to VNC ports on the compute nodes, which means the compute nodes need to permit access to ports 5900 through (5900 + the maximum number of active instances you expect to have).

You will need to make sure that novncproxy_base_url is set correctly on your compute nodes.

On the "Console" tab of the "Instance details" screen, look at the URL for the "Click here to show only console" link; make sure the ip address here looks sane.

edit flag offensive delete link more

Comments

It all works when I open all the ports so its not a config issue, plus it works 100% internally, this is just an external problem. Ports 80,443 and 6080 are open for the controller, Ive even tried adding 5900-5999 to no avail.

stdg11 gravatar imagestdg11 ( 2014-09-21 15:17:53 -0600 )edit

What is the actual value of the console URL (from the "click here to show only console" link)? That URL will have a hostname and port; if that port is open in your firewall, you could be able to connect to it directly using, e.g., telnet or curl. What behavior do you see? (continued...)

larsks gravatar imagelarsks ( 2014-09-21 15:34:57 -0600 )edit

...can you update your question with (a) the value of the console url (from the "click here to show only console" link) and (b) a link to the output of iptables-save?

larsks gravatar imagelarsks ( 2014-09-21 15:35:44 -0600 )edit

Ill have a go at telnetting in. The console link is [http://cloud.bourne-grammar.lincs.sch.uk:6080/vnc_auto.html?token=2401dd60-be2d-4061-a7e9-5723772ffedd&title=1st%20instance(d0281a73-c4a9-4594-b213-a61912529fd3)]

stdg11 gravatar imagestdg11 ( 2014-09-21 16:14:47 -0600 )edit

Heres the iptables from the controller http://paste.openstack.org/show/113970/

stdg11 gravatar imagestdg11 ( 2014-09-21 16:17:55 -0600 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2014-09-21 06:30:44 -0600

Seen: 5,756 times

Last updated: Nov 20 '14