Ask Your Question

iptables rule in controller blocking the LBAAS functionality!

asked 2016-05-12 03:47:56 -0500

Vinoth gravatar image


I have liberty rdo setup up and running. I recently added the LBAAS component to the existing working setup but the LBAAS is not working as expected. I can reach the LBAAS VIP from the VM I have added in the pool. But unable to reach the LBAAS from the router and anywhere.

After analysing we found the below Iptables rules were blocking the traffic to LBAAS VIP.

Chain neutron-linuxbri-sg-fallback (2 references)
num  target     prot opt source               destination
1    DROP       all  --  anywhere             anywhere             / Default drop rule for unmatched traffic. /

Once I remove the above iptable chain then everything working fine. This same chain recreated when I restart the neutron services.

Can anyone help me with any suggestion? Do I wanna add any new iptables rule manually for using LBAAS in openstack controller?



edit retag flag offensive close merge delete

1 answer

Sort by ยป oldest newest most voted

answered 2016-05-12 11:18:25 -0500

Vinoth gravatar image


Adding "ALLOW' all traffic" rule in the existing Default security has solved the issue for me. In my case, only "default security group" applies to LBAAS demon created.

In normal case whatever the security group we are added to the VMs (member pool VMs) should be applied to the VIP demon as well but In our case, only "default" security group applies.

So the fix is to add the rule in the default security group to allow appropriate traffic.


Vinoth Kumar Selvaraj

edit flag offensive delete link more

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower


Asked: 2016-05-12 03:47:56 -0500

Seen: 189 times

Last updated: May 12 '16