
rules not working properly on security groups

asked 2016-01-05 23:28:27 -0500

Basivireddy

updated 2016-01-06 22:45:10 -0500

Bipin

I did not apply the ICMP rule but I am able to ping the vm.

    [root@n42-poweredge-3 ~]# iptables -S | grep tap607c43ff-13
    -A neutron-openvswi-FORWARD -m physdev --physdev-out tap607c43ff-13 --physdev-is-bridged -j neutron-openvswi-sg-chain
    -A neutron-openvswi-FORWARD -m physdev --physdev-in tap607c43ff-13 --physdev-is-bridged -j neutron-openvswi-sg-chain
    -A neutron-openvswi-INPUT -m physdev --physdev-in tap607c43ff-13 --physdev-is-bridged -j neutron-openvswi-o607c43ff-1
    -A neutron-openvswi-sg-chain -m physdev --physdev-out tap607c43ff-13 --physdev-is-bridged -j neutron-openvswi-i607c43ff-1
    -A neutron-openvswi-sg-chain -m physdev --physdev-in tap607c43ff-13 --physdev-is-bridged -j neutron-openvswi-o607c43ff-1

    [root@n42-poweredge-3 ~]# iptables -s neutron-openvswi-i607c43ff-1
    iptables v1.4.21: no command specified
    Try `iptables -h' or 'iptables --help' for more information.

    [root@n42-poweredge-3 ~]# iptables -L neutron-openvswi-i607c43ff-1
    Chain neutron-openvswi-i607c43ff-1 (1 references)
    target     prot opt source               destination
    DROP       all  --  anywhere             anywhere             state INVALID
    RETURN     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
    RETURN     udp  --  10.10.10.3           anywhere             udp spt:bootps dpt:bootpc
    RETURN     tcp  --  10.0.0.0/24          anywhere             tcp multiport dports tcpmux:65535
    neutron-openvswi-sg-fallback  all  --  anywhere             anywhere

    [root@n42-poweredge-3 ~]# iptables -L neutron-openvswi-o607c43ff-1
    Chain neutron-openvswi-o607c43ff-1 (2 references)
    target     prot opt source               destination
    RETURN     udp  --  anywhere             anywhere             udp spt:bootpc dpt:bootps
    neutron-openvswi-s607c43ff-1  all  --  anywhere             anywhere
    DROP       udp  --  anywhere             anywhere             udp spt:bootps dpt:bootpc
    DROP       all  --  anywhere             anywhere             state INVALID
    RETURN     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
    RETURN     tcp  --  anywhere             10.0.0.0/24          tcp multiport dports tcpmux:65535
    neutron-openvswi-sg-fallback  all  --  anywhere             anywhere

    [root@n42-poweredge-3 ~]# iptables -L neutron-openvswi-s607c43ff-1
    Chain neutron-openvswi-s607c43ff-1 (1 references)
    target     prot opt source               destination
    RETURN     all  --  10.10.10.7           anywhere             MAC FA:16:3E:B9:47:3B
    DROP       all  --  anywhere             anywhere

1 answer


answered 2016-01-06 23:10:01 -0500

Prateek K

updated 2016-01-06 23:10:37 -0500

Hmm... this is strange. My wild guess would be to check the neutron configuration files and see whether the firewall variable has been set correctly in the security groups section:

    [securitygroup]
    enable_security_group = True
    enable_ipset = True
    firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

Let me know how it goes


Comments

I am using the same drivers. I follow this installation guide: http://docs.openstack.org/juno/install-guide/install/yum/content/

Basivireddy ( 2016-01-07 23:30:59 -0500 )
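One way to read the ingress chain listed in the question, as an added example that is not part of the original thread: the Python code below walks the `iptables -L` listing in rule order and reports the first rule a packet would hit. The function names, the constructed source address 192.0.2.10, and the simplification that only `state` matches are modelled (ports, MAC and ICMP type matches are ignored, and sources must be numeric) are assumptions of this example.

```python
import ipaddress
import re

# Ingress chain as listed in the question (output of `iptables -L`).
INGRESS_LISTING = """\
Chain neutron-openvswi-i607c43ff-1 (1 references)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere             state INVALID
RETURN     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
RETURN     udp  --  10.10.10.3           anywhere             udp spt:bootps dpt:bootpc
RETURN     tcp  --  10.0.0.0/24          anywhere             tcp multiport dports tcpmux:65535
neutron-openvswi-sg-fallback  all  --  anywhere             anywhere
"""


def parse_rules(listing):
    """Turn `iptables -L <chain>` text into (target, prot, source, extra) tuples."""
    rules = []
    for line in listing.splitlines():
        fields = line.split(None, 5)
        # Skip blank lines, the "Chain ..." banner and the column header.
        if len(fields) < 5 or fields[0] in ("Chain", "target"):
            continue
        target, prot, _opt, source, _dest = fields[:5]
        extra = fields[5] if len(fields) > 5 else ""
        rules.append((target, prot, source, extra))
    return rules


def first_match(listing, src_ip, ct_state, proto="icmp"):
    """Return the target of the first rule the packet hits, or None if none match."""
    src = ipaddress.ip_address(src_ip)
    for target, prot, source, extra in parse_rules(listing):
        if prot not in ("all", proto):
            continue  # rule is for a different protocol
        if source != "anywhere" and src not in ipaddress.ip_network(source, strict=False):
            continue  # source address or CIDR does not cover the packet
        # Assumption: only conntrack state matches are modelled here.
        state = re.search(r"\bstate ([A-Z,]+)", extra)
        if state and ct_state not in state.group(1).split(","):
            continue
        return target
    return None


if __name__ == "__main__":
    for ct_state in ("NEW", "ESTABLISHED", "INVALID"):
        # 192.0.2.10 is a constructed source address for the example.
        print(ct_state, "->", first_match(INGRESS_LISTING, "192.0.2.10", ct_state))
```

For a new ICMP packet, no RETURN rule in the listed chain matches and the packet ends at the `neutron-openvswi-sg-fallback` jump, whose contents the question does not show; only ICMP that conntrack already classifies as RELATED or ESTABLISHED hits a RETURN.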
