Hi Adhi, yeah this seems to be iptables blocking you're traffic. Calling # iptables-save gives you an easy to read output of all your rules.
Probably you'll find some rule like # -A INPUT -j REJECT --reject-with icmp-host-prohibited Now the problem with the 2 rules you added is, that you are appending your rules with -A. Iptables-save should show, that they are processed after the blocking rule (means never). So what you need to do is to insert your 2 rules before the blocking rule. You can do that using -I instead of -A. Alternatively you could just delete the blocking rule using: # iptables -D INPUT -j REJECT --reject-with icmp-host-prohibited Note: The commands just add/delete the rules on your running system. After a reboot the rule will be gone again. You need to persist them. How to do that depends on if you're using firewalld or iptables-service. I think the www will help you there. Hope that helps -- ----- Andreas IRC: andreas_s (formerly scheuran) On Di, 2016-06-28 at 13:14 +0700, Adhi Priharmanto wrote: > Hi, all I've setup liberty release with neutron-openvswitch using gre > tunnel at Centos. I've an problems when iptables service started at > network and compute node. > Instance couldn't get the internal IP address(DHCP) when it boot, if > dump the packet using tcpdump on both of tunnel interface it says like > this : > > 13:03:08.164944 IP 10.24.0.23 > opstcomp1-srg.dev.jcamp.net: ICMP host > 10.24.0.23 unreachable - admin prohibited, length 106 > > > > 10.24.0.0/24 is my tunnel IP network. I've already add this rule on > both node but its no luck > > > iptables -A INPUT -p gre -j ACCEPT > > iptables -A FORWARD -p gre -j ACCEPT > > > > Can someone help me to solve this problem ? > > > -- > Cheers, > > > Adhi Priharmanto > about.me/a_dhi > > > > +62-812-82121584 > > > > _______________________________________________ > Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > Post to : openstack@lists.openstack.org > Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack _______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack