[Rdo-list] http server problem with openstack

Vedsar Kushwaha vedsarkushwaha at gmail.com
Sat Mar 28 14:46:51 UTC 2015 

New iptables -nL (for computer B)

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  192.168.0.20         0.0.0.0/0            multiport
dports 5671,5672 /* 001 amqp incoming amqp_192.168.0.20 */
ACCEPT     tcp  --  192.168.0.19         0.0.0.0/0            multiport
dports 5666 /* 001 nagios-nrpe incoming nagios_nrpe */
ACCEPT     udp  --  192.168.0.19         0.0.0.0/0            multiport
dports 4789 /* 001 neutron tunnel port incoming
neutron_tunnel_192.168.0.20_192.168.0.19 */
ACCEPT     tcp  --  192.168.0.19         0.0.0.0/0            multiport
dports 5900:5999 /* 001 nova compute incoming nova_compute */
ACCEPT     tcp  --  192.168.0.20         0.0.0.0/0            multiport
dports 16509,49152:49215 /* 001 nova qemu migration incoming
nova_qemu_migration_192.168.0.20_192.168.0.20 */
ACCEPT     tcp  --  192.168.0.21         0.0.0.0/0            multiport
dports 16509,49152:49215 /* 001 nova qemu migration incoming
nova_qemu_migration_192.168.0.20_192.168.0.21 */
ACCEPT     tcp  --  192.168.0.22         0.0.0.0/0            multiport
dports 16509,49152:49215 /* 001 nova qemu migration incoming
nova_qemu_migration_192.168.0.20_192.168.0.22 */
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:53
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:53
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:67
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:67
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state
RELATED,ESTABLISHED
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp
dpt:22
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with
icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            192.168.122.0/24     ctstate
RELATED,ESTABLISHED
ACCEPT     all  --  192.168.122.0/24     0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with
icmp-port-unreachable
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with
icmp-port-unreachable
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with
icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination


One more question, I'm on Centos7 using openstack juno:

When starting firewalld, (service firewalld start) iptable stopped.
Similarly, when iptables starts (service iptables start), firewalld gets
stopped.



On Sat, Mar 28, 2015 at 7:49 PM, Vedsar Kushwaha <vedsarkushwaha at gmail.com>
wrote:

> I'm using curl to access to the HTTPSEEVER.
>
> python -m SimpleHTTPServer 30001
>
>
> iptables -nL
>
> target     prot opt source               destination
> ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            ctstate
> RELATED,ESTABLISHED
> ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
> INPUT_direct  all  --  0.0.0.0/0            0.0.0.0/0
> INPUT_ZONES_SOURCE  all  --  0.0.0.0/0            0.0.0.0/0
> INPUT_ZONES  all  --  0.0.0.0/0            0.0.0.0/0
> ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
> REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with
> icmp-host-prohibited
>
> Chain FORWARD (policy ACCEPT)
> target     prot opt source               destination
> ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            ctstate
> RELATED,ESTABLISHED
> ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
> FORWARD_direct  all  --  0.0.0.0/0            0.0.0.0/0
> FORWARD_IN_ZONES_SOURCE  all  --  0.0.0.0/0            0.0.0.0/0
>
> FORWARD_IN_ZONES  all  --  0.0.0.0/0            0.0.0.0/0
> FORWARD_OUT_ZONES_SOURCE  all  --  0.0.0.0/0            0.0.0.0/0
>
> FORWARD_OUT_ZONES  all  --  0.0.0.0/0            0.0.0.0/0
> ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
> REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with
> icmp-host-prohibited
>
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
> OUTPUT_direct  all  --  0.0.0.0/0            0.0.0.0/0
>
> Chain FORWARD_IN_ZONES (1 references)
> target     prot opt source               destination
> FWDI_public  all  --  0.0.0.0/0            0.0.0.0/0           [goto]
> FWDI_public  all  --  0.0.0.0/0            0.0.0.0/0           [goto]
>
> Chain FORWARD_IN_ZONES_SOURCE (1 references)
> target     prot opt source               destination
>
> Chain FORWARD_OUT_ZONES (1 references)
> target     prot opt source               destination
> FWDO_public  all  --  0.0.0.0/0            0.0.0.0/0           [goto]
> FWDO_public  all  --  0.0.0.0/0            0.0.0.0/0           [goto]
>
> Chain FORWARD_OUT_ZONES_SOURCE (1 references)
> target     prot opt source               destination
>
> Chain FORWARD_direct (1 references)
> target     prot opt source               destination
>
> Chain FWDI_public (2 references)
> target     prot opt source               destination
> FWDI_public_log  all  --  0.0.0.0/0            0.0.0.0/0
> FWDI_public_deny  all  --  0.0.0.0/0            0.0.0.0/0
> FWDI_public_allow  all  --  0.0.0.0/0            0.0.0.0/0
>
> Chain FWDI_public_allow (1 references)
> target     prot opt source               destination
>
> Chain FWDI_public_deny (1 references)
> target     prot opt source               destination
>
> Chain FWDI_public_log (1 references)
> target     prot opt source               destination
>
> Chain FWDO_public (2 references)
> target     prot opt source               destination
> FWDO_public_log  all  --  0.0.0.0/0            0.0.0.0/0
> FWDO_public_deny  all  --  0.0.0.0/0            0.0.0.0/0
> FWDO_public_allow  all  --  0.0.0.0/0            0.0.0.0/0
>
> Chain FWDO_public_allow (1 references)
> target     prot opt source               destination
>
> Chain FWDO_public_deny (1 references)
> target     prot opt source               destination
>
> Chain FWDO_public_log (1 references)
> target     prot opt source               destination
>
> Chain INPUT_ZONES (1 references)
> target     prot opt source               destination
> IN_public  all  --  0.0.0.0/0            0.0.0.0/0           [goto]
> IN_public  all  --  0.0.0.0/0            0.0.0.0/0           [goto]
>
> Chain INPUT_ZONES_SOURCE (1 references)
> target     prot opt source               destination
>
> Chain INPUT_direct (1 references)
> target     prot opt source               destination
>
> Chain IN_public (2 references)
> target     prot opt source               destination
> IN_public_log  all  --  0.0.0.0/0            0.0.0.0/0
> IN_public_deny  all  --  0.0.0.0/0            0.0.0.0/0
> IN_public_allow  all  --  0.0.0.0/0            0.0.0.0/0
>
> Chain IN_public_allow (1 references)
> target     prot opt source               destination
> ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22
> ctstate NEW
>
> Chain IN_public_deny (1 references)
> target     prot opt source               destination
>
> Chain IN_public_log (1 references)
> target     prot opt source               destination
>
> Chain OUTPUT_direct (1 references)
> target     prot opt source               destination
>
> On Sat, Mar 28, 2015 at 6:57 PM, Marius Cornea <marius at remote-lab.net>
> wrote:
>
>> iptables -nL ?
>>
>> Also it's not clear to me when you get the 'No route to host' message.
>> How are you trying to access it?
>>
>> On Sat, Mar 28, 2015 at 2:23 PM, Vedsar Kushwaha
>> <vedsarkushwaha at gmail.com> wrote:
>> > firewall is disable on all computers :)
>> >
>> > Redirecting to /bin/systemctl status  firewalld.service
>> > firewalld.service - firewalld - dynamic firewall daemon
>> >    Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled)
>> >    Active: inactive (dead)
>> >
>> >
>> > On Sat, Mar 28, 2015 at 6:35 PM, Marius Cornea <marius at remote-lab.net>
>> > wrote:
>> >>
>> >> Hi,
>> >>
>> >> It sounds to me like a firewall issue. Please check the firewall rules
>> >> on computer B and make sure you allow HTTP access from the clients.
>> >>
>> >> Tnx,
>> >> Marius
>> >>
>> >> On Sat, Mar 28, 2015 at 1:43 PM, Vedsar Kushwaha
>> >> <vedsarkushwaha at gmail.com> wrote:
>> >> > I installed openstack --allinone on one computer (Say A).
>> >> >
>> >> > Then, I added two more compute nodes(Say B and C) on this.
>> >> >
>> >> > Everything is working fine.
>> >> >
>> >> > But now, for some other reason I want to start HTTPServer on
>> computer B
>> >> > and
>> >> > access it from computer X and Y which are different from A,B & C.
>> >> >
>> >> > Now after running HTTPServer on computer B, I'm not able to access it
>> >> > from
>> >> > computer X and Y.
>> >> > Giving Error 'No route to host'
>> >> >
>> >> > Although from computer B, I can access HTTPServer of computer B.
>> >> >
>> >> >
>> >> > Please help.
>> >> >
>> >> > --
>> >> > Vedsar Kushwaha
>> >> > M.Tech-Computational Science
>> >> > Indian Institute of Science
>> >> >
>> >> > _______________________________________________
>> >> > Rdo-list mailing list
>> >> > Rdo-list at redhat.com
>> >> > https://www.redhat.com/mailman/listinfo/rdo-list
>> >> >
>> >> > To unsubscribe: rdo-list-unsubscribe at redhat.com
>> >
>> >
>> >
>> >
>> > --
>> > Vedsar Kushwaha
>> > M.Tech-Computational Science
>> > Indian Institute of Science
>>
>
>
>
> --
> Vedsar Kushwaha
> M.Tech-Computational Science
> Indian Institute of Science
>



-- 
Vedsar Kushwaha
M.Tech-Computational Science
Indian Institute of Science
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rdoproject.org/pipermail/dev/attachments/20150328/7df60163/attachment.html>

More information about the dev mailing list