
阿飞's personal space: https://www.aboutyun.com/?3890


Manually setting up iptables chains and rules on an OpenStack compute node

751 reads, 2014-7-28 12:14

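Open the ports the virtual machines need: VNC, DNS, bootps and so on. Then create the chains and rules required by nova-compute and nova-network. Adding them by hand has the same effect as having them added when a virtual machine is created.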

iptables -I INPUT 1 -p tcp -m multiport --dport 5900:6200,53 -j ACCEPT
iptables -I INPUT 1 -p udp -m multiport --dport 53,67 -j ACCEPT
iptables -t filter -N nova-compute-FORWARD
iptables -t filter -N nova-compute-INPUT
iptables -t filter -N nova-compute-OUTPUT
iptables -t filter -N nova-compute-inst
iptables -t filter -N nova-compute-local
iptables -t filter -N nova-compute-provider
iptables -t filter -N nova-compute-sg-fallback
iptables -t filter -A INPUT -j nova-compute-INPUT
iptables -t filter -A FORWARD -j nova-compute-FORWARD
iptables -t filter -A OUTPUT -j nova-compute-OUTPUT
iptables -t filter -A nova-compute-sg-fallback -j DROP
iptables -t filter -A nova-filter-top -j nova-compute-local
iptables -t filter -A nova-network-FORWARD -i br100 -j ACCEPT
iptables -t filter -A nova-network-FORWARD -o br100 -j ACCEPT
iptables -t filter -A nova-network-INPUT -i br100 -p udp -m udp --dport 67 -j ACCEPT
iptables -t filter -A nova-network-INPUT -i br100 -p tcp -m tcp --dport 67 -j ACCEPT
iptables -t filter -A nova-network-INPUT -i br100 -p udp -m udp --dport 53 -j ACCEPT
iptables -t filter -A nova-network-INPUT -i br100 -p tcp -m tcp --dport 53 -j ACCEPT
iptables -t nat -N nova-compute-OUTPUT
iptables -t nat -N nova-compute-POSTROUTING
iptables -t nat -N nova-compute-PREROUTING
iptables -t nat -N nova-compute-float-snat
iptables -t nat -N nova-compute-snat
iptables -t nat -A PREROUTING -j nova-compute-PREROUTING
iptables -t nat -A POSTROUTING -j nova-compute-POSTROUTING
iptables -t nat -A OUTPUT -j nova-compute-OUTPUT
iptables -t nat -A nova-compute-snat -j nova-compute-float-snat
iptables -t nat -A nova-postrouting-bottom -j nova-compute-snat
/etc/init.d/iptables save
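
An idempotent form of the nova-compute part of the listing above, as an added example that is not the original author's script: each chain and rule is created only if missing, the run stops early when `nova-filter-top` or `nova-postrouting-bottom` (chains the listing appends to but does not create) are absent, and the VNC range is accepted from one source network only. `IPT`, `MGMT_CIDR` (a documentation-range placeholder) and the function names are assumptions, as is iptables 1.4.11 or later for `-C`.

```bash
# Added example, not the original author's script.
# Assumptions: iptables >= 1.4.11 (for -C); IPT lets a stub replace iptables;
# MGMT_CIDR is a placeholder (documentation range) for the management network.
IPT=${IPT:-iptables}
MGMT_CIDR=${MGMT_CIDR:-192.0.2.0/24}

# True when chain $2 exists in table $1.
chain_exists() { $IPT -t "$1" -S "$2" >/dev/null 2>&1; }

# Create chain $2 in table $1 only when it is missing.
ensure_chain() { chain_exists "$1" "$2" || $IPT -t "$1" -N "$2"; }

# ensure_rule TABLE -A|-I CHAIN RULE...: add the rule unless an identical one exists.
ensure_rule() {
    _tbl=$1 _op=$2 _ch=$3; shift 3
    $IPT -t "$_tbl" -C "$_ch" "$@" 2>/dev/null || $IPT -t "$_tbl" "$_op" "$_ch" "$@"
}

setup_nova_compute() {
    # Checked first so a missing prerequisite leaves the ruleset untouched.
    chain_exists filter nova-filter-top || return 2
    chain_exists nat nova-postrouting-bottom || return 2
    for _c in FORWARD INPUT OUTPUT inst local provider sg-fallback; do
        ensure_chain filter "nova-compute-$_c" || return 1
    done
    for _c in OUTPUT POSTROUTING PREROUTING float-snat snat; do
        ensure_chain nat "nova-compute-$_c" || return 1
    done
    for _c in INPUT FORWARD OUTPUT; do
        ensure_rule filter -A "$_c" -j "nova-compute-$_c" || return 1
    done
    for _c in PREROUTING POSTROUTING OUTPUT; do
        ensure_rule nat -A "$_c" -j "nova-compute-$_c" || return 1
    done
    ensure_rule filter -A nova-compute-sg-fallback -j DROP || return 1
    ensure_rule filter -A nova-filter-top -j nova-compute-local || return 1
    ensure_rule nat -A nova-compute-snat -j nova-compute-float-snat || return 1
    ensure_rule nat -A nova-postrouting-bottom -j nova-compute-snat || return 1
    # VNC consoles: accepted from the management network instead of any source.
    ensure_rule filter -I INPUT -s "$MGMT_CIDR" -p tcp -m multiport \
        --dports 5900:6200 -j ACCEPT || return 1
}

# Applies the rules only when invoked with the argument "apply".
if [ "${1:-}" = "apply" ]; then setup_nova_compute; fi
```

Running it a second time adds nothing, whereas repeating the plain `-N` and `-A` commands fails on the existing chains and duplicates the jump rules.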
