Hi Josef, I replied to your comment. Please see below.
Please make sure that your OpenStack security group has the ports open like this Ingress IPv4 TCP 1 - 65535 0.0.0.0/0 - Delete Rule Ingress IPv4 TCP 22 (SSH) 0.0.0.0/0 - Delete Rule Ingress IPv4 UDP 1 - 65535 0.0.0.0/0 - Delete Rule Ingress IPv4 UDP 53 0.0.0.0/0 - Also, could you run these commands: in the packet generator: tcpdump -i eth1 in the firewall: tcpdump -i eth2 You should see traffic flowing through: 14:16:11.384577 IP 192.168.10.200.15320 > 192.168.20.250.http-alt: UDP, length 120 14:16:11.484337 IP 192.168.10.200.15320 > 192.168.20.250.http-alt: UDP, length 120 14:16:11.584315 IP 192.168.10.200.15320 > 192.168.20.250.http-alt: UDP, length 120 14:16:11.684496 IP 192.168.10.200.15320 > 192.168.20.250.http-alt: UDP, length 120 14:16:11.784383 IP 192.168.10.200.15320 > 192.168.20.250.http-alt: UDP, length 120 Please let us know. Marco From: <onap-discuss-boun...@lists.onap.org> on behalf of Josef Reisinger <josef.reisin...@de.ibm.com> Date: Thursday, June 29, 2017 at 9:47 AM To: onap-discuss <onap-discuss@lists.onap.org> Subject: [onap-discuss] Is there a way to confirm correct spin-up of vFW stack I asked the following uestion below under https://wiki.onap.org/questions/8227972/is-there-a-way-to-confirm-correct-spin-up-of-vfw-stack<https://urldefense.proofpoint.com/v2/url?u=https-3A__wiki.onap.org_questions_8227972_is-2Dthere-2Da-2Dway-2Dto-2Dconfirm-2Dcorrect-2Dspin-2Dup-2Dof-2Dvfw-2Dstack&d=DwMFAw&c=LFYZ-o9_HUMeMTSQicvjIg&r=KgFIQiUJzSC0gUhJaQxg8eC3w16GC3sKgWIcs4iIee0&m=9N6ziGL1ICnCbVsDhaD3h3Z3lBYeJwrqE2qXBEywbEw&s=hj0VJLDVKxIlqP3nzkN9j8b3KXVoU2EAeRLvXLXYpWs&e=>. I have spun up a stack in Openstack Ocata containing the three VMs for the firewall demo. I am able to connect to http://<sink-ip>:667/ and can see some graphics. But there is no traffic at all. I can see in pgn & fwl that there is some VPN setup with vpp.. but I cannot see any real traffic on (un)protected_network. I used curl -X PUT -H "Authorization: Basic YWRtaW46YWRtaW4=" -H "Content-Type: application/json" -H "Cache-Control: no-cache" -H "Postman-Token: 9005870c-900b-2e2e-0902-ef2009bb0ff7" -d '{"pg-streams":{"pg-stream": [{"id":"fw_udp1", "is-enabled":"true"},{"id":"fw_udp2", "is-enabled":"true"},{"id":"fw_udp3", "is-enabled":"true"},{"id":"fw_udp4", "is-enabled":"true"},{"id":"fw_udp5", "is-enabled":"true"},{"id":"fw_udp6", "is-enabled":"true"},{"id":"fw_udp7", "is-enabled":"true"},{"id":"fw_udp8", "is-enabled":"true"},{"id":"fw_udp9", "is-enabled":"true"},{"id":"fw_udp10", "is-enabled":"true"}]}}' "http://localhost:8183/restconf/config/sample-plugin:sample-plugin/pg-streams<https://urldefense.proofpoint.com/v2/url?u=http-3A__localhost-3A8183_restconf_config_sample-2Dplugin-3Asample-2Dplugin_pg-2Dstreams&d=DwMFAw&c=LFYZ-o9_HUMeMTSQicvjIg&r=KgFIQiUJzSC0gUhJaQxg8eC3w16GC3sKgWIcs4iIee0&m=9N6ziGL1ICnCbVsDhaD3h3Z3lBYeJwrqE2qXBEywbEw&s=Tl4XEFJIfLGLGh4CIpEQzyhJlggWjIshYWIEsDYJUAY&e=>" to trigger some messages ... with no success. Is there any documentation available which helps to understand what the vFW stack does? Mit freundlichen Grüßen / Kind regards Josef Reisinger When wisdom comes to call, there's nobody listening at all - Pendragon / Man Of Nomadic Traits IBM Sales & Distribution, Communications Sector Certified IT-Architect Telecommunications IBM Certified Telecommunications Industry ITA Lehrbeauftragter an der Hochschule Fresenius IBM Deutschland Godesberger Allee 127 53175 Bonn Beuel Phone: +49 151 1426 4559 Mobile: +49-(0) 151 1426 4559 E-Mail: josef.reisin...@de.ibm.com
_______________________________________________ onap-discuss mailing list onap-discuss@lists.onap.org https://lists.onap.org/mailman/listinfo/onap-discuss