openstack/nova
Code Issues Proposed changes
Files
46401ef6665d473b51a781a566a29b7b24eb711f
nova/doc/source/admin/default-ports.rst
chenxing 575b529118 doc: Import administration guide 
Import all docs from openstack-manuals.

Part of bp: doc-migration

Change-Id: I28bb8ce1f4a8653f176a554d2e95b4423c437972
Co-Authored-By: Stephen Finucane <sfinucan@redhat.com>
2017-08-04 07:00:45 -04:00

1.1 KiB
Raw Blame History

Compute service node firewall requirements

Console connections for virtual machines, whether direct or through a proxy, are received on ports 5900 to 5999. The firewall on each Compute service node must allow network traffic on these ports.

This procedure modifies the iptables firewall to allow incoming connections to the Compute services.

Configuring the service-node firewall

  1. Log in to the server that hosts the Compute service, as root.

  2. Edit the /etc/sysconfig/iptables file, to add an INPUT rule that allows TCP traffic on ports from 5900 to 5999. Make sure the new rule appears before any INPUT rules that REJECT traffic:

    -A INPUT -p tcp -m multiport --dports 5900:5999 -j ACCEPT

  3. Save the changes to the /etc/sysconfig/iptables file, and restart the iptables service to pick up the changes:

    $ service iptables restart

  4. Repeat this process for each Compute service node.