  
 

 Compute service node firewall requirements

Console connections for virtual machines, whether direct or through a proxy, are received on ports 5900 to 5999. You must configure the firewall on each Compute service node to enable network traffic on these ports.

 

Procedure 4.1. Configure the service-node firewall

  1. On the server that hosts the Compute service, log in as root.

  2. Edit the /etc/sysconfig/iptables file.

  3. Add an INPUT rule that allows TCP traffic on ports that range from 5900 to 5999:

    -A INPUT -p tcp -m multiport --dports 5900:5999 -j ACCEPT

    The new rule must appear before any INPUT rules that REJECT traffic.

  4. Save the changes to the /etc/sysconfig/iptables file.

  5. Restart the iptables service to ensure that the change takes effect.

    # service iptables restart

The iptables firewall now enables incoming connections to the Compute services. Repeat this process for each Compute service node.
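Step 3 requires the new rule to sit ahead of any INPUT rule that REJECTs traffic, and that ordering is easy to get wrong when editing the file by hand. The following check is an added example, not part of the original procedure; the function names `check_console_rule` and `sample_rules` are hypothetical and the sample rule sets are constructed.

```shell
#!/bin/sh
# check_console_rule [FILE]
# Reads an iptables rules file (or stdin) and returns:
#   0  the ACCEPT rule for TCP 5900:5999 precedes every INPUT REJECT rule
#   1  the ACCEPT rule is missing from the INPUT chain
#   2  an INPUT REJECT rule comes first, so the ACCEPT rule is never reached
check_console_rule() {
    awk '
        # Only rules appended to the INPUT chain matter here.
        $1 == "-A" && $2 == "INPUT" {
            n++
            if (accept == 0 && /-p tcp/ && /--dports 5900:5999/ && /-j ACCEPT/)
                accept = n          # position of the console rule
            if (reject == 0 && /-j REJECT/)
                reject = n          # position of the first REJECT rule
        }
        END {
            if (accept == 0) exit 1
            if (reject != 0 && reject < accept) exit 2
            exit 0
        }
    ' "$@"
}

# Constructed sample in the format of /etc/sysconfig/iptables.
# $1 = good (ACCEPT before REJECT), bad (ACCEPT after REJECT), none (no rule)
sample_rules() {
    rule='-A INPUT -p tcp -m multiport --dports 5900:5999 -j ACCEPT'
    echo '*filter'
    echo ':INPUT ACCEPT [0:0]'
    echo '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    if [ "$1" = good ]; then echo "$rule"; fi
    echo '-A INPUT -j REJECT --reject-with icmp-host-prohibited'
    if [ "$1" = bad ]; then echo "$rule"; fi
    echo 'COMMIT'
}

# Demonstration on the constructed samples.
for kind in good bad none; do
    sample_rules "$kind" | check_console_rule
    echo "$kind ordering: exit status $?"
done
```

On a Compute service node, run `check_console_rule /etc/sysconfig/iptables` after step 4 and before restarting the service.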
