We use CentOS 6.4, which does not support network namespace. So "ip netns .." fails.
Thanks, David ----- Original Message ----- > that will not show the rules for the instance. try this > ip netns exec <yourrouter-uuid> iptables -nxvL > > > On Jul 23, 2013, at 09:59 , David Kang <dk...@isi.edu> wrote: > > > > > Thank you for your suggestion. > > > > We are using Quantum/Neutron not nova-network. > > So, we don't use br100. > > (I believe you are using nova-network.) > > > > And the firewall rules that cause problem reside on the Quantum node > > not on the nova-compute node. > > I cannot find any rule for "--dport 67" on my Quantum node. > > I used "service iptables status" command to check the firewall > > rules. > > > > Thanks, > > David > > > > > > ----- Original Message ----- > >> Hi, > >> > >> Please can you look up in the iptables? > >> Normally on a working openstack host the packets comming in the > >> filter > >> table in the input chain are directed to the nova-network-INPUT > >> which > >> has a rule to accept dhcp packets. > >> On my setup is something like: > >> -A INPUT -j nova-network-INPUT > >> > >> . > >> . > >> . > >> -A nova-network-INPUT -i br100 -p udp -m udp --dport 67 -j ACCEPT > >> > >> > >> So I think you have to look somewhere else for your issue. > >> > >> > >> Regards, > >> Gabriel > >> > >> > >> > >> > >> > >> > >> From: David Kang <dk...@isi.edu> > >> To: "openstack@lists.launchpad.net (openstack@lists.launchpad.net)" > >> <openstack@lists.launchpad.net> > >> Sent: Tuesday, July 23, 2013 7:22 PM > >> Subject: [Openstack] [Quantum/Neutron] VM cannot get IP address > >> from > >> DHCP server > >> > >> > >> > >> Hi, > >> > >> We are running OpenStack Folsom on CentOS 6.4. > >> Quantum-linuxbridge-agent is used. > >> By default, the Quantum node has the following entries in its > >> /etc/sysconfig/iptables file. > >> > >> -A INPUT -j REJECT --reject-with icmp-host-prohibited > >> -A FORWARD -j REJECT --reject-with icmp-host-prohibited > >> > >> With those two lines, VM cannot get IP address from the DHCP server > >> running on the Quantum node. > >> More specifically, the first line prevents a VM from getting IP > >> address from DHCP server. > >> The second line prevents a VM from talking to other VMs and > >> external > >> worlds. > >> Is there a better way to make the Quantum network work well > >> than just commenting them out? > >> > >> I'll appreciate your help. > >> > >> David > >> > >> -- > >> ---------------------- > >> Dr. Dong-In "David" Kang > >> Computer Scientist > >> USC/ISI > >> > >> _______________________________________________ > >> Mailing list: https://launchpad.net/~openstack > >> Post to : openstack@lists.launchpad.net > >> Unsubscribe : https://launchpad.net/~openstack > >> More help : https://help.launchpad.net/ListHelp > > > > -- > > ---------------------- > > Dr. Dong-In "David" Kang > > Computer Scientist > > USC/ISI > > > > _______________________________________________ > > Mailing list: https://launchpad.net/~openstack > > Post to : openstack@lists.launchpad.net > > Unsubscribe : https://launchpad.net/~openstack > > More help : https://help.launchpad.net/ListHelp > > > > !DSPAM:2,51eeb6bc294852088044995! > > -- ---------------------- Dr. Dong-In "David" Kang Computer Scientist USC/ISI _______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp