user42's profile - activity

2014-04-30 04:12:17 -0600 received badge Self-Learner (source)
2014-04-30 04:12:17 -0600 received badge Teacher (source)
2014-04-28 11:47:13 -0600 received badge Famous Question (source)
2014-04-26 10:17:12 -0600 answered a question RDO CentOS 6.5 All-In-One Single NIC instances cannot access internet

So, I am not the only one, and I found out that one only needs to comment out the general forward reject rule. The rules from OpenStack for virbr0 are OK.

# forward masquerading rule
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.1/24 -j MASQUERADE

# forward reject rules to remove from /etc/sysconfig/iptables
-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
#-A FORWARD -j REJECT --reject-with icmp-host-prohibited

2014-04-22 15:15:00 -0600 received badge Notable Question (source)
2014-04-22 13:41:35 -0600 commented question RDO CentOS 6.5 All-In-One Single NIC instances cannot access internet

Cool. Thanks for the links! I managed to get GlusterFS 3.4.2 running, using it as a distributed file system for the instances by inserting the following rules before the reject rule:

-A INPUT -m state --state NEW -m tcp -p tcp --dport 24007:24008 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 38465:38468 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 49152:49162 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 111 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 111 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 2049 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 2049 -j ACCEPT

But for using GlusterFS as a Cinder backend you have to remove/uncomment all reject rules.

However to get ... (more)

2014-04-22 13:27:29 -0600 received badge Popular Question (source)
2014-04-22 06:49:16 -0600 asked a question RDO CentOS 6.5 All-In-One Single NIC instances cannot access internet

I've installed Havana All-In-One with RDO packstack on a CentOS 6.5 single NIC server but cannot access the internet from the instances as long as I do not remove the reject forward rules from iptables.

I've already tried to manually add a masquerading rule before the reject rules, but it doesn't help.

# forward masquerading rule
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.1/24 -j MASQUERADE

# forward reject rules to remove from /etc/sysconfig/iptables
#-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
#-A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
#-A FORWARD -j REJECT --reject-with icmp-host-prohibited

Any ideas?

Thanks