Hi Lei, I could spend some more time looking at my "no route to host" issue today. I could be very well that the iptables on VM is the root of the problem.
Here is what it looks like. *$ sudo iptables -L* *Chain INPUT (policy ACCEPT)* *target prot opt source destination * *ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED* *ACCEPT icmp -- anywhere anywhere * *ACCEPT all -- anywhere anywhere * *ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh* *REJECT all -- anywhere anywhere reject-with icmp-host-prohibited* * * *Chain FORWARD (policy ACCEPT)* *target prot opt source destination * *REJECT all -- anywhere anywhere reject-with icmp-host-prohibited* * * *Chain OUTPUT (policy ACCEPT)* *target prot opt source destination * I am not unfortunately very familiar with iptables's rules syntax Shouldn't ACCEPT all -- anywhere anywhere allow my http traffic to port 80? However, running explicitly *sudo iptables -A INPUT -p tcp -i eth0 --dport 80 -j ACCEPT* Does fix the problem. I can access my instance on port 80. But my VM is associated with the default security group in which I added a rule to enable http traffic. $ nova secgroup-list-rules default +-------------+-----------+---------+-----------+--------------+ | IP Protocol | From Port | To Port | IP Range | Source Group | +-------------+-----------+---------+-----------+--------------+ | icmp | -1 | -1 | 0.0.0.0/0 | | | tcp | 22 | 22 | 0.0.0.0/0 | | | tcp | 80 | 80 | 0.0.0.0/0 | | +-------------+-----------+---------+-----------+--------------+ So the big question is why aren't my iptables rules in the VM no setup by the security group specs? I don't see any error in nova logs on the compute node. Any help would be really appreciated. Thanks Patrick 2012/12/6 Lei Zhang <[email protected]> > Could you check the iptables in the vm? Whether it drop the packets on the > port 80 > > > On Thu, Dec 6, 2012 at 12:29 AM, Patrick Petit < > [email protected]> wrote: > >> Dear Stackers, >> >> I am running instance wordpress.WikiServer >> >> >> $ nova list >> >> +--------------------------------------+--------------------------+--------+------------------------------------+ >> | ID | Name | >> Status | Networks | >> >> +--------------------------------------+--------------------------+--------+------------------------------------+ >> | 6be47af7-2e29-4b4c-afeb-0a7f760f5970 | test2 | >> ACTIVE | xlcloud=172.16.1.6 | >> | 5a4c552f-933c-4a06-8e6f-164176380af5 | wordpress.DatabaseServer | >> ACTIVE | xlcloud=172.16.1.3 | >> | ddb120d9-e1ad-444c-8490-37ecb15f500e | wordpress.WikiServer | >> ACTIVE | xlcloud=172.16.1.4, 10.197.217.131 | >> >> +--------------------------------------+--------------------------+--------+------------------------------------+ >> >> >> With Security Group setup as: >> >> $ nova secgroup-list >> >> +-----------------------------------+------------------------------------------------+ >> | Name | Description >> | >> >> +-----------------------------------+------------------------------------------------+ >> | default | default >> | >> >> +-----------------------------------+------------------------------------------------+ >> >> >> $ nova secgroup-list-rules default >> +-------------+-----------+---------+-----------+--------------+ >> | IP Protocol | From Port | To Port | IP Range | Source Group | >> +-------------+-----------+---------+-----------+--------------+ >> | icmp | -1 | -1 | 0.0.0.0/0 | | >> | tcp | 22 | 22 | 0.0.0.0/0 | | >> | tcp | 80 | 80 | 0.0.0.0/0 | | >> +-------------+-----------+---------+-----------+--------------+ >> >> I can ping and ssh through the fix or floating IP without any problem >> (172.16.1.4, 10.197.217.131). >> But HTTP requests on port 80 doesn't go through. >> I get a "no route host" error message from wget or telnet for example. >> >> Ex. $ telnet 172.16.1.4 80 >> Trying 172.16.1.4... >> telnet: Unable to connect to remote host: No route to host. >> Clearly it's not a routing problem. >> >> Any idea what the problem could be or hints to debug it. >> >> Thanks >> Patrick >> >> >> >> _______________________________________________ >> Mailing list: https://launchpad.net/~openstack >> Post to : [email protected] >> Unsubscribe : https://launchpad.net/~openstack >> More help : https://help.launchpad.net/ListHelp >> >> > > > -- > Lei Zhang > > Blog: http://jeffrey4l.github.com > twitter/weibo: @jeffrey4l > > -- *"Give me a place to stand, and I shall move the earth with a lever"*
_______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : [email protected] Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
