On 11/09/2015 09:55 AM, Wilence Yao wrote:
Hi all, After I run devstack/stack.sh completely, I found that api is not reachable. After some check, I found some iptables rules cause the problem:
<snip>
ACCEPT tcp -- 0.0.0.0/0 <http://0.0.0.0/0> 0.0.0.0/0 <http://0.0.0.0/0> state NEW tcp dpt:22 REJECT all -- 0.0.0.0/0 <http://0.0.0.0/0> 0.0.0.0/0 <http://0.0.0.0/0> reject-with icmp-host-prohibited ``` The last two rules reject all access to the host except port 22(ssh). Why should devstack add this two rules in host?
The devstack scripts don't add either of those rules, my guess is your distro has locked things down by default. So you'll need to figure out how best to deal with it, either disabling completely or opening all the ports you'll need for devstack to function.
-Brian __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: [email protected]?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
