- 论坛徽章:
- 0
|
|
求大神指教怎么可以连上虚拟机实例
环境:
操作系统:RedHat7,安装包使用的centos7的源,openstack版本juno
网络环境:单一扁平网络 flat模式,网段192.168.2.0/24,处于vlan2,测试连接虚拟机实例环境vlan1,网段192.168.1.0/24,vlan1和vlan2网络是互通的,云平台搭建在vlan2网络,ip地址分配2.0网段,实例ip为2.0网段
问题:
在创建完虚拟机实例后,vlan2的2.0网段的同网段所有用户都可以访问虚拟机实例,但是vlan1的1.0网络的用户不能访问虚拟机实例,但是vlan1的1.0网络的用户可访问vlan2的controller及node1服务器没有问题。iptables规则是允许的都
iptables规则:
[root@node1 ~]# iptables -nvL
Chain INPUT (policy ACCEPT 27410 packets, 2659K bytes)
pkts bytes target prot opt in out source destination
743K 72M nova-compute-INPUT all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT udp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:53
0 0 ACCEPT tcp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
0 0 ACCEPT udp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:67
0 0 ACCEPT tcp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:67
7 588 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
93 6684 ACCEPT all -- * * 192.168.1.0/24 0.0.0.0/0
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
418K 370M nova-filter-top all -- * * 0.0.0.0/0 0.0.0.0/0
181K 12M nova-compute-FORWARD all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * virbr0 0.0.0.0/0 192.168.122.0/24 ctstate RELATED,ESTABLISHED
0 0 ACCEPT all -- virbr0 * 192.168.122.0/24 0.0.0.0/0
0 0 ACCEPT all -- virbr0 virbr0 0.0.0.0/0 0.0.0.0/0
0 0 REJECT all -- * virbr0 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
0 0 REJECT all -- virbr0 * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
Chain OUTPUT (policy ACCEPT 29500 packets, 2572K bytes)
pkts bytes target prot opt in out source destination
814K 80M nova-filter-top all -- * * 0.0.0.0/0 0.0.0.0/0
798K 79M nova-compute-OUTPUT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain nova-compute-FORWARD (1 references)
pkts bytes target prot opt in out source destination
181K 12M ACCEPT all -- brq584698c8-d8 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * brq584698c8-d8 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT udp -- * * 0.0.0.0 255.255.255.255 udp spt:68 dpt:67
Chain nova-compute-INPUT (1 references)
pkts bytes target prot opt in out source destination
5 2148 ACCEPT udp -- * * 0.0.0.0 255.255.255.255 udp spt:68 dpt:67
Chain nova-compute-OUTPUT (1 references)
pkts bytes target prot opt in out source destination
Chain nova-compute-inst-73 (1 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
237K 358M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
79 9789 nova-compute-provider all -- * * 0.0.0.0/0 0.0.0.0/0
17 5637 ACCEPT udp -- * * 192.168.2.30 0.0.0.0/0 udp spt:67 dpt:68
19 1572 ACCEPT all -- * * 192.168.2.0/24 0.0.0.0/0
43 2580 nova-compute-sg-fallback all -- * * 0.0.0.0/0 0.0.0.0/0
Chain nova-compute-local (1 references)
pkts bytes target prot opt in out source destination
237K 358M nova-compute-inst-73 all -- * * 0.0.0.0/0 192.168.2.51
Chain nova-compute-provider (1 references)
pkts bytes target prot opt in out source destination
Chain nova-compute-sg-fallback (1 references)
pkts bytes target prot opt in out source destination
43 2580 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain nova-filter-top (2 references)
pkts bytes target prot opt in out source destination
1216K 449M nova-compute-local all -- * * 0.0.0.0/0 0.0.0.0/0 |
|
免费注册
发表于 2015-01-15 09:51