Skip to content

Instantly share code, notes, and snippets.

@hagix9

hagix9/gist:7c55ff1eb91d1009f42e

Created August 8, 2014 13:02
Show Gist options
  • Save hagix9/7c55ff1eb91d1009f42e to your computer and use it in GitHub Desktop.
Save hagix9/7c55ff1eb91d1009f42e to your computer and use it in GitHub Desktop.
Download ZIP
Raw
gistfile1.txt
root@stack01 ~(keystone)# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
neutron-openvswi-INPUT all -- anywhere anywhere
nova-api-INPUT all -- anywhere anywhere
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:bootps
ACCEPT tcp -- anywhere anywhere tcp dpt:bootps
Chain FORWARD (policy ACCEPT)
target prot opt source destination
neutron-filter-top all -- anywhere anywhere
neutron-openvswi-FORWARD all -- anywhere anywhere
nova-filter-top all -- anywhere anywhere
nova-api-FORWARD all -- anywhere anywhere
ACCEPT all -- anywhere 192.168.122.0/24 ctstate RELATED,ESTABLISHED
ACCEPT all -- 192.168.122.0/24 anywhere
ACCEPT all -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
neutron-filter-top all -- anywhere anywhere
neutron-openvswi-OUTPUT all -- anywhere anywhere
nova-filter-top all -- anywhere anywhere
nova-api-OUTPUT all -- anywhere anywhere
ACCEPT udp -- anywhere anywhere udp dpt:bootpc
Chain neutron-filter-top (2 references)
target prot opt source destination
neutron-openvswi-local all -- anywhere anywhere
Chain neutron-openvswi-FORWARD (1 references)
target prot opt source destination
neutron-openvswi-sg-chain all -- anywhere anywhere PHYSDEV match --physdev-out tapd59cf195-9b --physdev-is-bridged
neutron-openvswi-sg-chain all -- anywhere anywhere PHYSDEV match --physdev-in tapd59cf195-9b --physdev-is-bridged
Chain neutron-openvswi-INPUT (1 references)
target prot opt source destination
neutron-openvswi-od59cf195-9 all -- anywhere anywhere PHYSDEV match --physdev-in tapd59cf195-9b --physdev-is-bridged
Chain neutron-openvswi-OUTPUT (1 references)
target prot opt source destination
Chain neutron-openvswi-id59cf195-9 (1 references)
target prot opt source destination
DROP all -- anywhere anywhere state INVALID
RETURN all -- anywhere anywhere state RELATED,ESTABLISHED
RETURN tcp -- anywhere anywhere tcp dpt:ssh
RETURN all -- 192.168.10.152 anywhere
RETURN icmp -- anywhere anywhere
RETURN udp -- 192.168.10.151 anywhere udp spt:bootps dpt:bootpc
neutron-openvswi-sg-fallback all -- anywhere anywhere
Chain neutron-openvswi-local (1 references)
target prot opt source destination
Chain neutron-openvswi-od59cf195-9 (2 references)
target prot opt source destination
RETURN udp -- anywhere anywhere udp spt:bootpc dpt:bootps
neutron-openvswi-sd59cf195-9 all -- anywhere anywhere
DROP udp -- anywhere anywhere udp spt:bootps dpt:bootpc
DROP all -- anywhere anywhere state INVALID
RETURN all -- anywhere anywhere state RELATED,ESTABLISHED
RETURN all -- anywhere anywhere
neutron-openvswi-sg-fallback all -- anywhere anywhere
Chain neutron-openvswi-sd59cf195-9 (1 references)
target prot opt source destination
RETURN all -- 192.168.10.153 anywhere MAC FA:16:3E:C1:D2:65
DROP all -- anywhere anywhere
Chain neutron-openvswi-sg-chain (2 references)
target prot opt source destination
neutron-openvswi-id59cf195-9 all -- anywhere anywhere PHYSDEV match --physdev-out tapd59cf195-9b --physdev-is-bridged
neutron-openvswi-od59cf195-9 all -- anywhere anywhere PHYSDEV match --physdev-in tapd59cf195-9b --physdev-is-bridged
ACCEPT all -- anywhere anywhere
Chain neutron-openvswi-sg-fallback (2 references)
target prot opt source destination
DROP all -- anywhere anywhere
Chain nova-api-FORWARD (1 references)
target prot opt source destination
Chain nova-api-INPUT (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere stack01 tcp dpt:8775
Chain nova-api-OUTPUT (1 references)
target prot opt source destination
Chain nova-api-local (1 references)
target prot opt source destination
Chain nova-filter-top (2 references)
target prot opt source destination
nova-api-local all -- anywhere anywhere
root@stack01 ~(keystone)# brctl show
bridge name bridge id STP enabled interfaces
qbrd59cf195-9b 8000.22512b5681ba no qvbd59cf195-9b
tapd59cf195-9b
virbr0 8000.000000000000 yes
root@stack01 ~(keystone)# ovs-vsctl show
87860b3f-c2a6-4270-b828-8450fd732aa6
Bridge br-ex
Port br-ex
Interface br-ex
type: internal
Port phy-br-ex
Interface phy-br-ex
Port "eth0"
Interface "eth0"
Bridge br-int
Port "tap75da8618-33"
tag: 1
Interface "tap75da8618-33"
type: internal
Port int-br-ex
Interface int-br-ex
Port br-int
Interface br-int
type: internal
Port "qvod59cf195-9b"
tag: 1
Interface "qvod59cf195-9b"
ovs_version: "2.0.1"
root@stack01 ~(keystone)# ip l
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master ovs-system state UP mode DEFAULT group default qlen 1000
link/ether 52:54:00:08:aa:9e brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ether 52:54:00:5b:c8:af brd ff:ff:ff:ff:ff:ff
4: ovs-system: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default
link/ether e6:2d:c6:96:85:c9 brd ff:ff:ff:ff:ff:ff
5: br-ex: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN mode DEFAULT group default
link/ether 06:c1:44:1d:c8:4b brd ff:ff:ff:ff:ff:ff
6: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default
link/ether aa:c9:ff:6b:d0:17 brd ff:ff:ff:ff:ff:ff
7: br-int: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN mode DEFAULT group default
link/ether 7e:e7:5b:7f:28:43 brd ff:ff:ff:ff:ff:ff
13: phy-br-ex: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master ovs-system state UP mode DEFAULT group default qlen 1000
link/ether 8e:b6:17:a8:1e:46 brd ff:ff:ff:ff:ff:ff
14: int-br-ex: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master ovs-system state UP mode DEFAULT group default qlen 1000
link/ether 42:79:6a:ba:a0:80 brd ff:ff:ff:ff:ff:ff
15: qbrd59cf195-9b: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default
link/ether 22:51:2b:56:81:ba brd ff:ff:ff:ff:ff:ff
16: qvod59cf195-9b: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master ovs-system state UP mode DEFAULT group default qlen 1000
link/ether 72:b2:4c:fa:49:f3 brd ff:ff:ff:ff:ff:ff
17: qvbd59cf195-9b: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master qbrd59cf195-9b state UP mode DEFAULT group default qlen 1000
link/ether 22:51:2b:56:81:ba brd ff:ff:ff:ff:ff:ff
18: tapd59cf195-9b: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master qbrd59cf195-9b state UNKNOWN mode DEFAULT group default qlen 500
link/ether fe:16:3e:c1:d2:65 brd ff:ff:ff:ff:ff:ff
root@stack01 ~(keystone)# ip l
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master ovs-system state UP mode DEFAULT group default qlen 1000
link/ether 52:54:00:08:aa:9e brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ether 52:54:00:5b:c8:af brd ff:ff:ff:ff:ff:ff
4: ovs-system: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default
link/ether e6:2d:c6:96:85:c9 brd ff:ff:ff:ff:ff:ff
5: br-ex: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN mode DEFAULT group default
link/ether 06:c1:44:1d:c8:4b brd ff:ff:ff:ff:ff:ff
6: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default
link/ether aa:c9:ff:6b:d0:17 brd ff:ff:ff:ff:ff:ff
7: br-int: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN mode DEFAULT group default
link/ether 7e:e7:5b:7f:28:43 brd ff:ff:ff:ff:ff:ff
13: phy-br-ex: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master ovs-system state UP mode DEFAULT group default qlen 1000
link/ether 8e:b6:17:a8:1e:46 brd ff:ff:ff:ff:ff:ff
14: int-br-ex: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master ovs-system state UP mode DEFAULT group default qlen 1000
link/ether 42:79:6a:ba:a0:80 brd ff:ff:ff:ff:ff:ff
15: qbrd59cf195-9b: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default
link/ether 22:51:2b:56:81:ba brd ff:ff:ff:ff:ff:ff
16: qvod59cf195-9b: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master ovs-system state UP mode DEFAULT group default qlen 1000
link/ether 72:b2:4c:fa:49:f3 brd ff:ff:ff:ff:ff:ff
17: qvbd59cf195-9b: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master qbrd59cf195-9b state UP mode DEFAULT group default qlen 1000
link/ether 22:51:2b:56:81:ba brd ff:ff:ff:ff:ff:ff
18: tapd59cf195-9b: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master qbrd59cf195-9b state UNKNOWN mode DEFAULT group default qlen 500
link/ether fe:16:3e:c1:d2:65 brd ff:ff:ff:ff:ff:ff
root@stack01 ~(keystone)#
root@stack01 ~(keystone)# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 192.168.10.1 0.0.0.0 UG 0 0 0 br-ex
192.168.10.0 * 255.255.255.0 U 0 0 0 br-ex
192.168.122.0 * 255.255.255.0 U 0 0 0 virbr0
root@stack01 ~(keystone)# neutron net-list
+--------------------------------------+------------+------------------------------------------------------+
| id | name | subnets |
+--------------------------------------+------------+------------------------------------------------------+
| d8350922-0461-45c2-8ae6-36b2bb430fca | sharednet1 | 40fa3280-c9ec-4b4f-b924-e7525eaf07c3 192.168.10.0/24 |
+--------------------------------------+------------+------------------------------------------------------+
root@stack01 ~(keystone)# neutron port-list
+--------------------------------------+------+-------------------+---------------------------------------------------------------------------------------+
| id | name | mac_address | fixed_ips |
+--------------------------------------+------+-------------------+---------------------------------------------------------------------------------------+
| 56c849eb-62e9-402a-81e4-2d94898d2cf9 | | fa:16:3e:05:8c:68 | {"subnet_id": "40fa3280-c9ec-4b4f-b924-e7525eaf07c3", "ip_address": "192.168.10.152"} |
| 75da8618-33d2-4c50-9aa8-9c202d6f6a66 | | fa:16:3e:d3:ee:da | {"subnet_id": "40fa3280-c9ec-4b4f-b924-e7525eaf07c3", "ip_address": "192.168.10.151"} |
| d59cf195-9bb6-4f99-a768-f4ad8bdb8db6 | | fa:16:3e:c1:d2:65 | {"subnet_id": "40fa3280-c9ec-4b4f-b924-e7525eaf07c3", "ip_address": "192.168.10.153"} |
+--------------------------------------+------+-------------------+---------------------------------------------------------------------------------------+
root@stack01 ~(keystone)# neutron subnet-list
+--------------------------------------+------+-----------------+------------------------------------------------------+
| id | name | cidr | allocation_pools |
+--------------------------------------+------+-----------------+------------------------------------------------------+
| 40fa3280-c9ec-4b4f-b924-e7525eaf07c3 | | 192.168.10.0/24 | {"start": "192.168.10.151", "end": "192.168.10.200"} |
+--------------------------------------+------+-----------------+------------------------------------------------------+
root@stack01:~# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:bootps
ACCEPT tcp -- anywhere anywhere tcp dpt:bootps
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:bootps
ACCEPT tcp -- anywhere anywhere tcp dpt:bootps
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere 192.168.122.0/24 ctstate RELATED,ESTABLISHED
ACCEPT all -- 192.168.122.0/24 anywhere
ACCEPT all -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
ACCEPT all -- anywhere 100.100.100.0/24 ctstate RELATED,ESTABLISHED
ACCEPT all -- 100.100.100.0/24 anywhere
ACCEPT all -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:bootpc
ACCEPT udp -- anywhere anywhere udp dpt:bootpc
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment