Compute service node firewall requirements

Console connections for virtual machines, whether direct or through a proxy, are received on ports 5900 to 5999. You must configure the firewall on each Compute service node to enable network traffic on these ports.

Procedure 4.1. Configure the service-node firewall

On the server that hosts the Compute service, log in as root.
Edit the /etc/sysconfig/iptables file.
Add an INPUT rule that allows TCP traffic on ports that range from 5900 to 5999:
```
-A INPUT -p tcp -m multiport --dports 5900:5999 -j ACCEPT
```
The new rule must appear before any INPUT rules that REJECT traffic.
Save the changes to the /etc/sysconfig/iptables file.
Restart the iptables service to ensure that the change takes effect.
```
$ service iptables restart
```

The iptables firewall now enables incoming connections to the Compute services. Repeat this process for each Compute service node.

Questions? Discuss on ask.openstack.org
Found an error? Report a bug against this page

Legal notices