Comment 4 for bug 719798

Hyunsun Moon (hyunsun-moon) wrote : Re: Instance fails to access metadata server

I've already tried the iptables command and it didn't work for me.
The reason I need to access the metadata server is for the cloudpipe instance to get 'autorun.sh' from the server.

Here's my 'iptables -L' result. "cloud02" is the hostname of the API server.
Is something wrong?

Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:bootps
ACCEPT tcp -- anywhere anywhere tcp dpt:bootps
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:telnet
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:www
DROP all -- anywhere anywhere state INVALID
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere cloud02 tcp dpt:ssh
ACCEPT udp -- anywhere anywhere udp dpt:ntp
nova_input all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
REJECT tcp -- anywhere anywhere reject-with tcp-reset
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable

Chain FORWARD (policy DROP)
target prot opt source destination
nova-local all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT udp -- anywhere 10.0.0.2 udp dpt:openvpn
ACCEPT all -- anywhere 192.168.122.0/24 state RELATED,ESTABLISHED
ACCEPT all -- 192.168.122.0/24 anywhere
ACCEPT all -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
DROP all -- anywhere anywhere state INVALID
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
nova_forward all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
nova-local all -- anywhere anywhere
DROP all -- anywhere anywhere state INVALID
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
nova_output all -- anywhere anywhere

Chain nova-fallback (1 references)
target prot opt source destination
DROP all -- anywhere anywhere

Chain nova-inst-1 (1 references)
target prot opt source destination
DROP all -- anywhere anywhere state INVALID
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
nova-sg-1 all -- anywhere anywhere
ACCEPT udp -- 10.0.0.1 anywhere udp spt:bootps dpt:bootpc
ACCEPT all -- 10.0.0.0/26 anywhere
nova-fallback all -- anywhere anywhere

Chain nova-local (2 references)
target prot opt source destination
nova-inst-1 all -- anywhere 10.0.0.3

Chain nova-sg-1 (1 references)
target prot opt source destination

Chain nova_forward (1 references)
target prot opt source destination

Chain nova_input (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere cloud02 tcp dpt:8649
ACCEPT udp -- anywhere cloud02 udp dpt:8649
ACCEPT tcp -- anywhere cloud02 tcp dpt:www
ACCEPT tcp -- anywhere cloud02 tcp dpt:https
ACCEPT tcp -- anywhere cloud02 tcp dpt:3333
ACCEPT tcp -- anywhere cloud02 tcp dpt:8773
ACCEPT tcp -- anywhere cloud02 tcp dpt:6379
ACCEPT tcp -- anywhere cloud02 tcp dpt:mysql
ACCEPT tcp -- anywhere cloud02 tcp dpt:4369
ACCEPT tcp -- anywhere cloud02 tcp dpt:amqp
ACCEPT tcp -- anywhere cloud02 tcp dpt:53284
ACCEPT tcp -- 10.0.0.0/12 anywhere tcp dpt:domain
ACCEPT udp -- 10.0.0.0/12 anywhere udp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:bootps
ACCEPT tcp -- anywhere cloud02 tcp dpt:ldap

Chain nova_output (1 references)
target prot opt source destination