Security group no effect....

Bug #802894 reported by Hugo Kou
This bug affects 1 person
Affects: OpenStack Compute (nova)
Status: Fix Released
Importance: Low
Assigned to: Unassigned

Bug Description

Nova Version: 2011.3~d2~20110625.1215-0ubuntu0ppa1~natty1

Even though no security rule has been set, I can still connect to the port.

For example:

The instance has only port 22 open:
-A nova-compute-inst-13 -p tcp -m tcp --dport 22 -j ACCEPT

But I can still curl the instance on port 80.

Thierry Carrez (ttx) wrote :

Is this on the same host ? i.e. are you trying to connect from the host that runs nova-compute and/or nova-network ? Could you try the same from a separate client host ?

Changed in nova:
status: New → Incomplete
Hugo Kou (tonytkdk) wrote : Re: [Bug 802894] Re: Security group no effect....

Actually, I always try to connect to the instance from a separate client, which is
my laptop.
I'll do some more testing in two days. When I confirm this issue, I will have
a detailed report of my topology and specs.

Cheers
Hugo Kuo

2011/7/8 Thierry Carrez <email address hidden>

> Is this on the same host ? i.e. are you trying to connect from the host
> that runs nova-compute and/or nova-network ? Could you try the same from
> a separate client host ?

--
Hugo Kuo@AMI. TW-CCG

Hugo Kou (tonytkdk) wrote :

Could someone test this bug, with FlatDHCP?
Just make a new deployment of Nova, and please don't set up a security group first; let the instance use the empty DEFAULT.

When you fire up an instance, please verify that the instance is completely running. Then try ICMP and SSH.

In my test, the instance could be accessed from a client host on the same private network.
That's weird; it should not be accessible from anywhere before a security rule has been set.

Cheers
Hugo Kuo

Vish Ishaya (vishvananda) wrote :

Can you try setting: --noallow_project_net_traffic
to see if that solves the problem.

(perhaps we should default that flag to false)

Vish

On Jul 26, 2011, at 3:37 AM, Hugo Kou wrote:

> Could someone test this bug, with FlatDHCP?
> Just make a new deployment of Nova, and please don't set up a security group first; let the instance use the empty DEFAULT.
>
> When you fire up an instance, please verify that the instance is completely
> running. Then try ICMP and SSH.
>
> In my test, the instance could be accessed from a client host on the same private network.
> That's weird; it should not be accessible from anywhere before a security rule has been set.
>
> Cheers
> Hugo Kuo

Thierry Carrez (ttx) wrote :

@Hugo: could you try Vish's suggestion ?

Hugo Kou (tonytkdk) wrote :

I'm on vacation now, and joining a new team in Sep.
I'll give it a try.

Thanks

Hugo Kuo

2011/8/19 Thierry Carrez <email address hidden>

> @Hugo: could you try Vish's suggestion ?

--
Hugo Kuo@AMI. TW-CCG

Thierry Carrez (ttx)
tags: added: security-group
Thierry Carrez (ttx) wrote :

We cannot solve the issue you reported without more information. Could you please provide the requested information ?

Hugo Kou (tonytkdk) wrote :

ttx,
I will provide more info on Mon.
Thanks for the reminder.

Hugo Kou (tonytkdk) wrote :

--noallow_project_net_traffic=false
does not seem to be working; I can still ping it from a fixed IP.

Thierry Carrez (ttx)
Changed in nova:
status: Incomplete → New
Brian Waldon (bcwaldon)
Changed in nova:
status: New → Confirmed
importance: Undecided → Low
Changed in nova:
assignee: nobody → dhanalaxmi (baby-adabala)
Changed in nova:
assignee: dhanalaxmi (baby-adabala) → nobody
Tom Fifield (fifieldt) wrote :

The allow_same_net_traffic flag appears to work fine even in my diablo/stable install.

Assuming this pre-diablo-starting bug is actually solved, marking as "fix released" - please re-open if you can reproduce problems ;)

Changed in nova:
status: Confirmed → Fix Released
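
An added example, not part of the original thread or of nova's code: a small check that walks an instance chain from iptables-save output and reports when a new connection would be accepted by a rule with no port match, which is one way same-network traffic can reach port 80 while the security group only opens port 22. It assumes the same-network flag appears as a source-subnet ACCEPT rule in the instance chain; the 10.0.0.0/24 range and every rule except the --dport 22 line are constructed.

```python
import ipaddress
import shlex

# Constructed iptables-save excerpt. Only the --dport 22 rule comes from the
# bug report; the other rules and the 10.0.0.0/24 range are assumptions.
CHAIN = "nova-compute-inst-13"
SAMPLE = """\
-A nova-compute-inst-13 -m state --state INVALID -j DROP
-A nova-compute-inst-13 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A nova-compute-inst-13 -s 10.0.0.0/24 -j ACCEPT
-A nova-compute-inst-13 -p tcp -m tcp --dport 22 -j ACCEPT
-A nova-compute-inst-13 -j DROP
"""

def parse_rules(text, chain):
    """Return the rules appended to `chain`, each as a dict of option -> value."""
    rules = []
    for line in text.splitlines():
        tok = shlex.split(line)
        if tok[:2] == ["-A", chain]:
            # Simple "-opt value" pairs only; negation ("!") is not handled.
            rules.append(dict(zip(tok[2::2], tok[3::2])))
    return rules

def first_match(rules, src, proto, dport):
    """Return the first rule a NEW connection from `src` would hit, or None."""
    for r in rules:
        if "--state" in r:  # a NEW packet is neither INVALID nor ESTABLISHED
            continue
        if "-s" in r and ipaddress.ip_address(src) not in ipaddress.ip_network(r["-s"]):
            continue
        if "-p" in r and r["-p"] != proto:
            continue
        if "--dport" in r and r["--dport"] != str(dport):
            continue
        return r
    return None

def audit(text, chain, src, proto, dport):
    """Return (verdict, bypass); bypass is True when an ACCEPT had no port match."""
    rule = first_match(parse_rules(text, chain), src, proto, dport)
    if rule is None:
        return "no match", False
    return rule["-j"], rule["-j"] == "ACCEPT" and "--dport" not in rule

if __name__ == "__main__":
    for src, port in [("10.0.0.7", 80), ("192.0.2.10", 80), ("192.0.2.10", 22)]:
        print(src, port, audit(SAMPLE, CHAIN, src, "tcp", port))
```

A `bypass` result of True for a client inside the fixed range, next to a DROP for the same port from outside it, points at the subnet-wide rule rather than the security group as the reason the port is reachable.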