[Rdo-list] http server problem with openstack
Marius Cornea
marius at remote-lab.net
Sat Mar 28 14:55:21 UTC 2015
Try adding the rule manually for your webserver:

iptables -I INPUT -p tcp --dport 30001 -j ACCEPT

Depending on what you want to use, you can add it to the settings:
/etc/sysconfig/iptables for the iptables service or /etc/firewalld/
for firewalld. For the sake of debugging you could also use 'iptables -F'
to delete all rules.

On Sat, Mar 28, 2015 at 3:46 PM, Vedsar Kushwaha
<vedsarkushwaha at gmail.com> wrote:
> New iptables -nL (for computer B)
>
> Chain INPUT (policy ACCEPT)
> target prot opt source destination
> ACCEPT tcp -- 192.168.0.20 0.0.0.0/0 multiport
> dports 5671,5672 /* 001 amqp incoming amqp_192.168.0.20 */
> ACCEPT tcp -- 192.168.0.19 0.0.0.0/0 multiport
> dports 5666 /* 001 nagios-nrpe incoming nagios_nrpe */
> ACCEPT udp -- 192.168.0.19 0.0.0.0/0 multiport
> dports 4789 /* 001 neutron tunnel port incoming
> neutron_tunnel_192.168.0.20_192.168.0.19 */
> ACCEPT tcp -- 192.168.0.19 0.0.0.0/0 multiport
> dports 5900:5999 /* 001 nova compute incoming nova_compute */
> ACCEPT tcp -- 192.168.0.20 0.0.0.0/0 multiport
> dports 16509,49152:49215 /* 001 nova qemu migration incoming
> nova_qemu_migration_192.168.0.20_192.168.0.20 */
> ACCEPT tcp -- 192.168.0.21 0.0.0.0/0 multiport
> dports 16509,49152:49215 /* 001 nova qemu migration incoming
> nova_qemu_migration_192.168.0.20_192.168.0.21 */
> ACCEPT tcp -- 192.168.0.22 0.0.0.0/0 multiport
> dports 16509,49152:49215 /* 001 nova qemu migration incoming
> nova_qemu_migration_192.168.0.20_192.168.0.22 */
> ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53
> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
> ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:67
> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:67
> ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state
> RELATED,ESTABLISHED
> ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
> ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp
> dpt:22
> REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with
> icmp-host-prohibited
>
> Chain FORWARD (policy ACCEPT)
> target prot opt source destination
> ACCEPT all -- 0.0.0.0/0 192.168.122.0/24 ctstate
> RELATED,ESTABLISHED
> ACCEPT all -- 192.168.122.0/24 0.0.0.0/0
> ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
> REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with
> icmp-port-unreachable
> REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with
> icmp-port-unreachable
> REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with
> icmp-host-prohibited
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
>
>
> One more question, I'm on CentOS 7 using OpenStack Juno:
>
> When starting firewalld (service firewalld start), iptables stopped.
> Similarly, when iptables starts (service iptables start), firewalld gets
> stopped.
>
>
>
> On Sat, Mar 28, 2015 at 7:49 PM, Vedsar Kushwaha <vedsarkushwaha at gmail.com>
> wrote:
>>
>> I'm using curl to access the HTTPSERVER.
>>
>> python -m SimpleHTTPServer 30001
>>
>>
>> iptables -nL
>>
>> target prot opt source destination
>> ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate
>> RELATED,ESTABLISHED
>> ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
>> INPUT_direct all -- 0.0.0.0/0 0.0.0.0/0
>> INPUT_ZONES_SOURCE all -- 0.0.0.0/0 0.0.0.0/0
>> INPUT_ZONES all -- 0.0.0.0/0 0.0.0.0/0
>> ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
>> REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with
>> icmp-host-prohibited
>>
>> Chain FORWARD (policy ACCEPT)
>> target prot opt source destination
>> ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate
>> RELATED,ESTABLISHED
>> ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
>> FORWARD_direct all -- 0.0.0.0/0 0.0.0.0/0
>> FORWARD_IN_ZONES_SOURCE all -- 0.0.0.0/0 0.0.0.0/0
>> FORWARD_IN_ZONES all -- 0.0.0.0/0 0.0.0.0/0
>> FORWARD_OUT_ZONES_SOURCE all -- 0.0.0.0/0 0.0.0.0/0
>> FORWARD_OUT_ZONES all -- 0.0.0.0/0 0.0.0.0/0
>> ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
>> REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with
>> icmp-host-prohibited
>>
>> Chain OUTPUT (policy ACCEPT)
>> target prot opt source destination
>> OUTPUT_direct all -- 0.0.0.0/0 0.0.0.0/0
>>
>> Chain FORWARD_IN_ZONES (1 references)
>> target prot opt source destination
>> FWDI_public all -- 0.0.0.0/0 0.0.0.0/0 [goto]
>> FWDI_public all -- 0.0.0.0/0 0.0.0.0/0 [goto]
>>
>> Chain FORWARD_IN_ZONES_SOURCE (1 references)
>> target prot opt source destination
>>
>> Chain FORWARD_OUT_ZONES (1 references)
>> target prot opt source destination
>> FWDO_public all -- 0.0.0.0/0 0.0.0.0/0 [goto]
>> FWDO_public all -- 0.0.0.0/0 0.0.0.0/0 [goto]
>>
>> Chain FORWARD_OUT_ZONES_SOURCE (1 references)
>> target prot opt source destination
>>
>> Chain FORWARD_direct (1 references)
>> target prot opt source destination
>>
>> Chain FWDI_public (2 references)
>> target prot opt source destination
>> FWDI_public_log all -- 0.0.0.0/0 0.0.0.0/0
>> FWDI_public_deny all -- 0.0.0.0/0 0.0.0.0/0
>> FWDI_public_allow all -- 0.0.0.0/0 0.0.0.0/0
>>
>> Chain FWDI_public_allow (1 references)
>> target prot opt source destination
>>
>> Chain FWDI_public_deny (1 references)
>> target prot opt source destination
>>
>> Chain FWDI_public_log (1 references)
>> target prot opt source destination
>>
>> Chain FWDO_public (2 references)
>> target prot opt source destination
>> FWDO_public_log all -- 0.0.0.0/0 0.0.0.0/0
>> FWDO_public_deny all -- 0.0.0.0/0 0.0.0.0/0
>> FWDO_public_allow all -- 0.0.0.0/0 0.0.0.0/0
>>
>> Chain FWDO_public_allow (1 references)
>> target prot opt source destination
>>
>> Chain FWDO_public_deny (1 references)
>> target prot opt source destination
>>
>> Chain FWDO_public_log (1 references)
>> target prot opt source destination
>>
>> Chain INPUT_ZONES (1 references)
>> target prot opt source destination
>> IN_public all -- 0.0.0.0/0 0.0.0.0/0 [goto]
>> IN_public all -- 0.0.0.0/0 0.0.0.0/0 [goto]
>>
>> Chain INPUT_ZONES_SOURCE (1 references)
>> target prot opt source destination
>>
>> Chain INPUT_direct (1 references)
>> target prot opt source destination
>>
>> Chain IN_public (2 references)
>> target prot opt source destination
>> IN_public_log all -- 0.0.0.0/0 0.0.0.0/0
>> IN_public_deny all -- 0.0.0.0/0 0.0.0.0/0
>> IN_public_allow all -- 0.0.0.0/0 0.0.0.0/0
>>
>> Chain IN_public_allow (1 references)
>> target prot opt source destination
>> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
>> ctstate NEW
>>
>> Chain IN_public_deny (1 references)
>> target prot opt source destination
>>
>> Chain IN_public_log (1 references)
>> target prot opt source destination
>>
>> Chain OUTPUT_direct (1 references)
>> target prot opt source destination
>>
>> On Sat, Mar 28, 2015 at 6:57 PM, Marius Cornea <marius at remote-lab.net>
>> wrote:
>>>
>>> iptables -nL ?
>>>
>>> Also it's not clear to me when you get the 'No route to host' message.
>>> How are you trying to access it?
>>>
>>> On Sat, Mar 28, 2015 at 2:23 PM, Vedsar Kushwaha
>>> <vedsarkushwaha at gmail.com> wrote:
>>> > Firewall is disabled on all computers :)
>>> >
>>> > Redirecting to /bin/systemctl status firewalld.service
>>> > firewalld.service - firewalld - dynamic firewall daemon
>>> > Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled)
>>> > Active: inactive (dead)
>>> >
>>> >
>>> > On Sat, Mar 28, 2015 at 6:35 PM, Marius Cornea <marius at remote-lab.net>
>>> > wrote:
>>> >>
>>> >> Hi,
>>> >>
>>> >> It sounds to me like a firewall issue. Please check the firewall rules
>>> >> on computer B and make sure you allow HTTP access from the clients.
>>> >>
>>> >> Tnx,
>>> >> Marius
>>> >>
>>> >> On Sat, Mar 28, 2015 at 1:43 PM, Vedsar Kushwaha
>>> >> <vedsarkushwaha at gmail.com> wrote:
>>> >> > I installed openstack --allinone on one computer (say A).
>>> >> >
>>> >> > Then I added two more compute nodes (say B and C) to this.
>>> >> >
>>> >> > Everything is working fine.
>>> >> >
>>> >> > But now, for some other reason, I want to start HTTPServer on
>>> >> > computer B and access it from computers X and Y, which are
>>> >> > different from A, B & C.
>>> >> >
>>> >> > Now, after running HTTPServer on computer B, I'm not able to access
>>> >> > it from computers X and Y.
>>> >> > Giving error 'No route to host'
>>> >> >
>>> >> > Although from computer B, I can access HTTPServer of computer B.
>>> >> >
>>> >> >
>>> >> > Please help.
>>> >> >
>>> >> > --
>>> >> > Vedsar Kushwaha
>>> >> > M.Tech-Computational Science
>>> >> > Indian Institute of Science
>>> >> >
>>> >> > _______________________________________________
>>> >> > Rdo-list mailing list
>>> >> > Rdo-list at redhat.com
>>> >> > https://www.redhat.com/mailman/listinfo/rdo-list
>>> >> >
>>> >> > To unsubscribe: rdo-list-unsubscribe at redhat.com
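
The following is an added example, not part of the original thread. It walks an INPUT chain in rule order to show why the suggested `iptables -I` (insert at the top) lets port 30001 through, while an appended rule would sit behind the final `REJECT ... icmp-host-prohibited` that clients report as "No route to host". The rules are a constructed sample in `iptables -S INPUT` form modelled on computer B's listing; `verdict`, `with_insert` and `with_append` are hypothetical helper names, and the client is assumed to match none of the source-restricted rules.

```shell
# Constructed sample in `iptables -S INPUT` form, modelled on computer B's listing.
RULES='-P INPUT ACCEPT
-A INPUT -s 192.168.0.20/32 -p tcp -m multiport --dports 5671,5672 -j ACCEPT
-A INPUT -s 192.168.0.19/32 -p tcp -m multiport --dports 5900:5999 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited'
NEW_RULE='-A INPUT -p tcp -m tcp --dport 30001 -j ACCEPT'

# verdict PORT (hypothetical helper): reads rules on stdin and prints
# "<rule number> <target>" for the first rule that decides a NEW TCP connection
# to PORT. Assumed client: arrives on a non-loopback interface and matches no
# -s rule, so every source-restricted rule is skipped.
verdict() {
  awk -v port="$1" '
    function port_ok(spec,   n, i, parts, r) {
      n = split(spec, parts, ",")
      for (i = 1; i <= n; i++) {
        if (split(parts[i], r, ":") == 2) {
          if (port + 0 >= r[1] + 0 && port + 0 <= r[2] + 0) return 1
        } else if (parts[i] + 0 == port + 0) return 1
      }
      return 0
    }
    $1 == "-P" { policy = $3; next }
    $1 == "-A" {
      n++; ok = 1; target = ""
      for (i = 3; i <= NF; i++) {
        if ($i == "-s") ok = 0
        else if ($i == "-i" && $(i+1) == "lo") ok = 0
        else if ($i == "-p" && $(i+1) != "tcp" && $(i+1) != "all") ok = 0
        else if (($i == "--state" || $i == "--ctstate") && $(i+1) !~ /(^|,)NEW(,|$)/) ok = 0
        else if (($i == "--dport" || $i == "--dports") && !port_ok($(i+1))) ok = 0
        else if ($i == "-j") target = $(i+1)
      }
      if (ok && target ~ /^(ACCEPT|REJECT|DROP)$/) { print n, target; found = 1; exit }
    }
    END { if (!found) print "policy", policy }
  '
}

with_insert() { printf '%s\n%s\n' "$NEW_RULE" "$RULES"; }  # -I INPUT: new rule goes first
with_append() { printf '%s\n%s\n' "$RULES" "$NEW_RULE"; }  # -A INPUT: new rule goes last

echo "as listed:   $(printf '%s\n' "$RULES" | verdict 30001)"
echo "after -I:    $(with_insert | verdict 30001)"
echo "after -A:    $(with_append | verdict 30001)"
```

On a live host the same check works on real `iptables -S INPUT` output, which, unlike `iptables -nL`, also shows interface matches such as `-i lo`.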