
iptables on controller: where's the config?

asked 2014-11-21 14:37:38 -0500

federic0

Hi all, I'm wondering where I can find the rules I got on the controller node (at the end of chapter 6 of the installation guide, 3 nodes, neutron setup). The controller node has firewalld up and running, and iptables -L shows a lot of rules I would like to modify because, for example, I need to manually add a rule to permit rabbitmq connectivity from the compute/network node. I've added rules manually and started a script via systemd, but that's the old-school way, so to make it clean I need to modify those rules where they are started! Please point me in the right direction.

thanks for your support


2 answers


answered 2014-11-22 10:20:53 -0500

federic0

OK, I will follow this way; it's easy to understand, but I was supposing that there was some other method/daemon to take care of it. Thanks!


Comments

I know some people prefer firewalld (Fedora geeks). However, the IPv4 iptables firewall described above is much easier to learn and to use. If your major concern is firewalld (the daemon), please view
http://ktaraghi.blogspot.com/2013/10/...

dbaxps (2014-11-22 10:59:10 -0500)

answered 2014-11-21 14:45:25 -0500

dbaxps

updated 2014-11-21 15:47:25 -0500

Steps :-

# service iptables save
# systemctl disable firewalld
# systemctl stop  firewalld
# systemctl enable iptables
# systemctl start iptables

Config file /etc/sysconfig/iptables. You update this file && service iptables restart

Add to *filter section

 -A INPUT -s 192.168.1.127/32 -p tcp -m multiport --dports 5671,5672 -m comment --comment "001 amqp incoming amqp_192.168.1.127" -j ACCEPT
 -A INPUT -s 192.168.1.137/32 -p tcp -m multiport --dports 5671,5672 -m comment --comment "001 amqp incoming amqp_192.168.1.137" -j ACCEPT

    192.168.1.127/32 - Controller
    192.168.1.137/32 - Compute

Save /etc/sysconfig/iptables.

# service iptables restart ;
[root@juno1 ~(keystone_admin)]# netstat -lntp | grep 5672
tcp6       0      0 :::5672                 :::*                    LISTEN      2638/beam.smp       
[root@juno1 ~(keystone_admin)]# ps -ef | grep 2638
rabbitmq  2638     1  0 Nov21 ?        00:05:29 /usr/lib64/erlang/erts-5.10.4/bin/beam.smp -W w -K true -A30 -P 1048576 -- -root /usr/lib64/erlang -progname erl -- -home /var/lib/rabbitmq -- -pa /usr/lib/rabbitmq/lib/rabbitmq_server-3.1.5/sbin/../ebin -noshell -noinput -s rabbit boot -sname rabbit@juno1 -boot start_sasl -config /etc/rabbitmq/rabbitmq -kernel inet_default_connect_options [{nodelay,true}] -rabbit tcp_listeners [{"auto",5672}] -sasl errlog_type error -sasl sasl_error_logger false -rabbit error_logger {file,"/var/log/rabbitmq/rabbit@juno1.log"} -rabbit sasl_error_logger {file,"/var/log/rabbitmq/rabbit@juno1-sasl.log"} -rabbit enabled_plugins_file "/etc/rabbitmq/enabled_plugins" -rabbit plugins_dir "/usr/lib/rabbitmq/lib/rabbitmq_server-3.1.5/sbin/../plugins" -rabbit plugins_expand_dir "/var/lib/rabbitmq/mnesia/rabbit@juno1-plugins-expand" -os_mon start_cpu_sup false -os_mon start_disksup false -os_mon start_memsup false -mnesia dir "/var/lib/rabbitmq/mnesia/rabbit@juno1"
rabbitmq  5181  2638  0 Nov21 ?        00:00:00 inet_gethost 4

I silently presume :-

[root@juno1 ~(keystone_admin)]# systemctl status rabbitmq-server
rabbitmq-server.service - RabbitMQ broker
   Loaded: loaded (/usr/lib/systemd/system/rabbitmq-server.service; enabled)
   Active: active (running) since Fri 2014-11-21 08:50:49 MSK; 15h ago
  Process: 2639 ExecStartPost=/usr/lib/rabbitmq/bin/rabbitmqctl wait /var/run/rabbitmq/pid (code=exited, status=0/SUCCESS)
  Process: 1571 ExecStartPre=/bin/sh -c /usr/lib/rabbitmq/bin/rabbitmqctl status > /dev/null 2>&1 (code=exited, status=2)
 Main PID: 2638 (beam.smp)
   CGroup: /system.slice/rabbitmq-server.service
           ├─2638 /usr/lib64/erlang/erts-5.10.4/bin/beam.smp -W w -K true -A30 -P 1048576 -- -root /us...
           ├─5181 inet_gethost 4
           └─5182 inet_gethost 4

Nov 21 08:50:08 juno1.localdomain rabbitmqctl[2639]: pid is 2638 ...
Nov 21 08:50:47 juno1.localdomain rabbitmq-server[2638]: RabbitMQ 3.1.5. Copyright (C) 2007-2013 GoP...c.
Nov 21 08:50:47 juno1.localdomain rabbitmq-server[2638]: ##  ##      Licensed under the MPL.  See ht...m/
Nov 21 08:50:47 juno1.localdomain rabbitmq-server[2638]: ##  ##
Nov 21 08:50:47 juno1.localdomain rabbitmq-server[2638]: ##########  Logs: /var/log/rabbitmq/rabbit@...og
Nov 21 08:50:47 juno1.localdomain rabbitmq-server[2638]: ######  ##        /var/log/rabbitmq/rabbit@...og
Nov 21 08:50:47 juno1.localdomain rabbitmq-server[2638]: ##########
Nov 21 08:50:48 juno1.localdomain rabbitmq-server[2638]: Starting broker... completed with 0 plugins.
Nov 21 08:50:49 juno1.localdomain rabbitmqctl[2639]: ...done.
Nov 21 08:50:49 juno1.localdomain ...
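The procedure in this answer (add per-host AMQP rules to the *filter section of /etc/sysconfig/iptables, then restart) as an added shell example; it is not code from the answer or from OpenStack. It assumes the file follows the iptables-save layout shown above (*filter header, rules, COMMIT) and it edits whatever path it is given, so it can be tried on a copy before the live file.

```shell
#!/bin/sh
# Added example, not part of the answer above: build the per-host AMQP
# ACCEPT rules dbaxps shows and insert them into an iptables-save style
# file before the *filter section's COMMIT, skipping hosts whose rule is
# already present so re-runs stay idempotent. Assumption: the file follows
# the /etc/sysconfig/iptables layout (*table header, rules, COMMIT). It
# edits whatever path it is given, so try it on a copy first.

# Print the ACCEPT rule for 5671/5672 from one host, as in the answer.
amqp_rule() {
    printf '%s\n' "-A INPUT -s $1/32 -p tcp -m multiport --dports 5671,5672 -m comment --comment \"001 amqp incoming amqp_$1\" -j ACCEPT"
}

# add_amqp_rules FILE HOST... : add one rule per host before the *filter
# COMMIT. Returns 1 (and changes nothing) if FILE has no *filter section.
add_amqp_rules() {
    file=$1; shift
    grep -q '^\*filter' "$file" || return 1
    for host in "$@"; do
        rule=$(amqp_rule "$host")
        # Identical rule already there: nothing to do for this host.
        grep -qxF -- "$rule" "$file" && continue
        awk -v rule="$rule" '
            /^\*filter/            { infilter = 1 }
            infilter && /^COMMIT/  { print rule; infilter = 0 }
            { print }
        ' "$file" > "$file.tmp" && mv "$file.tmp" "$file"
    done
}

# count_open_amqp FILE : number of ACCEPT rules for port 5672 that carry no
# -s source match, i.e. broker access left open to every host. The answer's
# point is allow-listing per host, so this should normally print 0.
count_open_amqp() {
    awk '/5672/ && /-j ACCEPT/ && !/ -s / { n++ } END { print n + 0 }' "$1"
}

# Demo on a constructed scratch file (never the live /etc/sysconfig/iptables).
demo=$(mktemp)
printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' 'COMMIT' > "$demo"
add_amqp_rules "$demo" 192.168.1.127 192.168.1.137
cat "$demo"
rm -f "$demo"
```

After editing the real file the same way, `service iptables restart` loads it, and `iptables -S INPUT` should list the two rules with their "001 amqp" comments.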


Asked: 2014-11-21 14:37:38 -0500

Seen: 2,311 times

Last updated: Nov 22 '14