<div dir="ltr"><div><div>New iptables -nL (for computer B)<br></div><div><br>Chain INPUT (policy ACCEPT)<br>target prot opt source destination <br>ACCEPT tcp -- 192.168.0.20 <a href="http://0.0.0.0/0">0.0.0.0/0</a> multiport dports 5671,5672 /* 001 amqp incoming amqp_192.168.0.20 */<br>ACCEPT tcp -- 192.168.0.19 <a href="http://0.0.0.0/0">0.0.0.0/0</a> multiport dports 5666 /* 001 nagios-nrpe incoming nagios_nrpe */<br>ACCEPT udp -- 192.168.0.19 <a href="http://0.0.0.0/0">0.0.0.0/0</a> multiport dports 4789 /* 001 neutron tunnel port incoming neutron_tunnel_192.168.0.20_192.168.0.19 */<br>ACCEPT tcp -- 192.168.0.19 <a href="http://0.0.0.0/0">0.0.0.0/0</a> multiport dports 5900:5999 /* 001 nova compute incoming nova_compute */<br>ACCEPT tcp -- 192.168.0.20 <a href="http://0.0.0.0/0">0.0.0.0/0</a> multiport dports 16509,49152:49215 /* 001 nova qemu migration incoming nova_qemu_migration_192.168.0.20_192.168.0.20 */<br>ACCEPT tcp -- 192.168.0.21 <a href="http://0.0.0.0/0">0.0.0.0/0</a> multiport dports 16509,49152:49215 /* 001 nova qemu migration incoming nova_qemu_migration_192.168.0.20_192.168.0.21 */<br>ACCEPT tcp -- 192.168.0.22 <a href="http://0.0.0.0/0">0.0.0.0/0</a> multiport dports 16509,49152:49215 /* 001 nova qemu migration incoming nova_qemu_migration_192.168.0.20_192.168.0.22 */<br>ACCEPT udp -- <a href="http://0.0.0.0/0">0.0.0.0/0</a> <a href="http://0.0.0.0/0">0.0.0.0/0</a> udp dpt:53<br>ACCEPT tcp -- <a href="http://0.0.0.0/0">0.0.0.0/0</a> <a href="http://0.0.0.0/0">0.0.0.0/0</a> tcp dpt:53<br>ACCEPT udp -- <a href="http://0.0.0.0/0">0.0.0.0/0</a> <a href="http://0.0.0.0/0">0.0.0.0/0</a> udp dpt:67<br>ACCEPT tcp -- <a href="http://0.0.0.0/0">0.0.0.0/0</a> <a href="http://0.0.0.0/0">0.0.0.0/0</a> tcp dpt:67<br>ACCEPT all -- <a href="http://0.0.0.0/0">0.0.0.0/0</a> <a href="http://0.0.0.0/0">0.0.0.0/0</a> state RELATED,ESTABLISHED<br>ACCEPT icmp -- <a href="http://0.0.0.0/0">0.0.0.0/0</a> <a href="http://0.0.0.0/0">0.0.0.0/0</a> <br>ACCEPT all -- <a href="http://0.0.0.0/0">0.0.0.0/0</a> <a href="http://0.0.0.0/0">0.0.0.0/0</a> <br>ACCEPT tcp -- <a href="http://0.0.0.0/0">0.0.0.0/0</a> <a href="http://0.0.0.0/0">0.0.0.0/0</a> state NEW tcp dpt:22<br>REJECT all -- <a href="http://0.0.0.0/0">0.0.0.0/0</a> <a href="http://0.0.0.0/0">0.0.0.0/0</a> reject-with icmp-host-prohibited<br><br>Chain FORWARD (policy ACCEPT)<br>target prot opt source destination <br>ACCEPT all -- <a href="http://0.0.0.0/0">0.0.0.0/0</a> <a href="http://192.168.122.0/24">192.168.122.0/24</a> ctstate RELATED,ESTABLISHED<br>ACCEPT all -- <a href="http://192.168.122.0/24">192.168.122.0/24</a> <a href="http://0.0.0.0/0">0.0.0.0/0</a> <br>ACCEPT all -- <a href="http://0.0.0.0/0">0.0.0.0/0</a> <a href="http://0.0.0.0/0">0.0.0.0/0</a> <br>REJECT all -- <a href="http://0.0.0.0/0">0.0.0.0/0</a> <a href="http://0.0.0.0/0">0.0.0.0/0</a> reject-with icmp-port-unreachable<br>REJECT all -- <a href="http://0.0.0.0/0">0.0.0.0/0</a> <a href="http://0.0.0.0/0">0.0.0.0/0</a> reject-with icmp-port-unreachable<br>REJECT all -- <a href="http://0.0.0.0/0">0.0.0.0/0</a> <a href="http://0.0.0.0/0">0.0.0.0/0</a> reject-with icmp-host-prohibited<br><br>Chain OUTPUT (policy ACCEPT)<br>target prot opt source destination <br><br><br></div><div>One more question, I'm on Centos7 using openstack juno:<br></div><div><br></div><div>When starting firewalld, (service firewalld start) iptable stopped.<br></div><div>Similarly, when iptables starts (service iptables start), firewalld gets stopped.<br><br><br></div></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Sat, Mar 28, 2015 at 7:49 PM, Vedsar Kushwaha <span dir="ltr"><<a href="mailto:vedsarkushwaha@gmail.com" target="_blank">vedsarkushwaha@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div>I'm using curl to access to the HTTPSEEVER.<br></div><br>python -m SimpleHTTPServer 30001<br><div><div><br><br>iptables -nL<br><br>target prot opt source destination <br>ACCEPT all -- <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> ctstate RELATED,ESTABLISHED<br>ACCEPT all -- <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <br>INPUT_direct all -- <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <br>INPUT_ZONES_SOURCE all -- <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <br>INPUT_ZONES all -- <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <br>ACCEPT icmp -- <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <br>REJECT all -- <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> reject-with icmp-host-prohibited<br><br>Chain FORWARD (policy ACCEPT)<br>target prot opt source destination <br>ACCEPT all -- <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> ctstate RELATED,ESTABLISHED<br>ACCEPT all -- <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <br>FORWARD_direct all -- <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <br>FORWARD_IN_ZONES_SOURCE all -- <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <br>FORWARD_IN_ZONES all -- <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <br>FORWARD_OUT_ZONES_SOURCE all -- <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <br>FORWARD_OUT_ZONES all -- <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <br>ACCEPT icmp -- <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <br>REJECT all -- <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> reject-with icmp-host-prohibited<br><br>Chain OUTPUT (policy ACCEPT)<br>target prot opt source destination <br>OUTPUT_direct all -- <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <br><br>Chain FORWARD_IN_ZONES (1 references)<br>target prot opt source destination <br>FWDI_public all -- <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> [goto] <br>FWDI_public all -- <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> [goto] <br><br>Chain FORWARD_IN_ZONES_SOURCE (1 references)<br>target prot opt source destination <br><br>Chain FORWARD_OUT_ZONES (1 references)<br>target prot opt source destination <br>FWDO_public all -- <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> [goto] <br>FWDO_public all -- <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> [goto] <br><br>Chain FORWARD_OUT_ZONES_SOURCE (1 references)<br>target prot opt source destination <br><br>Chain FORWARD_direct (1 references)<br>target prot opt source destination <br><br>Chain FWDI_public (2 references)<br>target prot opt source destination <br>FWDI_public_log all -- <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <br>FWDI_public_deny all -- <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <br>FWDI_public_allow all -- <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <br><br>Chain FWDI_public_allow (1 references)<br>target prot opt source destination <br><br>Chain FWDI_public_deny (1 references)<br>target prot opt source destination <br><br>Chain FWDI_public_log (1 references)<br>target prot opt source destination <br><br>Chain FWDO_public (2 references)<br>target prot opt source destination <br>FWDO_public_log all -- <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <br>FWDO_public_deny all -- <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <br>FWDO_public_allow all -- <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <br><br>Chain FWDO_public_allow (1 references)<br>target prot opt source destination <br><br>Chain FWDO_public_deny (1 references)<br>target prot opt source destination <br><br>Chain FWDO_public_log (1 references)<br>target prot opt source destination <br><br>Chain INPUT_ZONES (1 references)<br>target prot opt source destination <br>IN_public all -- <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> [goto] <br>IN_public all -- <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> [goto] <br><br>Chain INPUT_ZONES_SOURCE (1 references)<br>target prot opt source destination <br><br>Chain INPUT_direct (1 references)<br>target prot opt source destination <br><br>Chain IN_public (2 references)<br>target prot opt source destination <br>IN_public_log all -- <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <br>IN_public_deny all -- <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <br>IN_public_allow all -- <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <br><br>Chain IN_public_allow (1 references)<br>target prot opt source destination <br>ACCEPT tcp -- <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> tcp dpt:22 ctstate NEW<br><br>Chain IN_public_deny (1 references)<br>target prot opt source destination <br><br>Chain IN_public_log (1 references)<br>target prot opt source destination <br><br>Chain OUTPUT_direct (1 references)<br>target prot opt source destination<br></div></div></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On Sat, Mar 28, 2015 at 6:57 PM, Marius Cornea <span dir="ltr"><<a href="mailto:marius@remote-lab.net" target="_blank">marius@remote-lab.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">iptables -nL ?<br>
<br>
Also it's not clear to me when you get the 'No route to host' message.<br>
How are you trying to access it?<br>
<br>
On Sat, Mar 28, 2015 at 2:23 PM, Vedsar Kushwaha<br>
<div><div><<a href="mailto:vedsarkushwaha@gmail.com" target="_blank">vedsarkushwaha@gmail.com</a>> wrote:<br>
> firewall is disable on all computers :)<br>
><br>
> Redirecting to /bin/systemctl status firewalld.service<br>
> firewalld.service - firewalld - dynamic firewall daemon<br>
> Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled)<br>
> Active: inactive (dead)<br>
><br>
><br>
> On Sat, Mar 28, 2015 at 6:35 PM, Marius Cornea <<a href="mailto:marius@remote-lab.net" target="_blank">marius@remote-lab.net</a>><br>
> wrote:<br>
>><br>
>> Hi,<br>
>><br>
>> It sounds to me like a firewall issue. Please check the firewall rules<br>
>> on computer B and make sure you allow HTTP access from the clients.<br>
>><br>
>> Tnx,<br>
>> Marius<br>
>><br>
>> On Sat, Mar 28, 2015 at 1:43 PM, Vedsar Kushwaha<br>
>> <<a href="mailto:vedsarkushwaha@gmail.com" target="_blank">vedsarkushwaha@gmail.com</a>> wrote:<br>
>> > I installed openstack --allinone on one computer (Say A).<br>
>> ><br>
>> > Then, I added two more compute nodes(Say B and C) on this.<br>
>> ><br>
>> > Everything is working fine.<br>
>> ><br>
>> > But now, for some other reason I want to start HTTPServer on computer B<br>
>> > and<br>
>> > access it from computer X and Y which are different from A,B & C.<br>
>> ><br>
>> > Now after running HTTPServer on computer B, I'm not able to access it<br>
>> > from<br>
>> > computer X and Y.<br>
>> > Giving Error 'No route to host'<br>
>> ><br>
>> > Although from computer B, I can access HTTPServer of computer B.<br>
>> ><br>
>> ><br>
>> > Please help.<br>
>> ><br>
>> > --<br>
>> > Vedsar Kushwaha<br>
>> > M.Tech-Computational Science<br>
>> > Indian Institute of Science<br>
>> ><br>
>> > _______________________________________________<br>
>> > Rdo-list mailing list<br>
>> > <a href="mailto:Rdo-list@redhat.com" target="_blank">Rdo-list@redhat.com</a><br>
>> > <a href="https://www.redhat.com/mailman/listinfo/rdo-list" target="_blank">https://www.redhat.com/mailman/listinfo/rdo-list</a><br>
>> ><br>
>> > To unsubscribe: <a href="mailto:rdo-list-unsubscribe@redhat.com" target="_blank">rdo-list-unsubscribe@redhat.com</a><br>
><br>
><br>
><br>
><br>
> --<br>
> Vedsar Kushwaha<br>
> M.Tech-Computational Science<br>
> Indian Institute of Science<br>
</div></div></blockquote></div><br><br clear="all"><br>-- <br><div><div dir="ltr"><div><div dir="ltr">Vedsar Kushwaha<div>M.Tech-Computational Science</div><div>Indian Institute of Science</div></div></div></div></div>
</div>
</div></div></blockquote></div><br><br clear="all"><br>-- <br><div class="gmail_signature"><div dir="ltr"><div><div dir="ltr">Vedsar Kushwaha<div>M.Tech-Computational Science</div><div>Indian Institute of Science</div></div></div></div></div>
</div>