8e9507bf9a
This change moves the .rst files into the main adming-guide-cloud folder now conversion is complete. changes to the project config and to the openstack manuals to stop sync of .xml files are also needed. Change-Id: I498e8d6ac3cb80da413e23b14a0959abd58e7d79 Implements: blueprint reorganise-user-guides
34 lines
1.1 KiB
ReStructuredText
34 lines
1.1 KiB
ReStructuredText
.. _default_ports:
|
|
|
|
==========================================
|
|
Compute service node firewall requirements
|
|
==========================================
|
|
|
|
Console connections for virtual machines, whether direct or through a
|
|
proxy, are received on ports ``5900`` to ``5999``. The firewall on each
|
|
Compute service node must allow network traffic on these ports.
|
|
|
|
This procedure modifies the iptables firewall to allow incoming
|
|
connections to the Compute services.
|
|
|
|
**Configuring the service-node firewall**
|
|
|
|
#. Log in to the server that hosts the Compute service, as root.
|
|
|
|
#. Edit the :file:`/etc/sysconfig/iptables` file, to add an INPUT rule that
|
|
allows TCP traffic on ports from ``5900`` to ``5999``. Make sure the new
|
|
rule appears before any INPUT rules that REJECT traffic:
|
|
|
|
.. code:: ini
|
|
|
|
-A INPUT -p tcp -m multiport --dports 5900:5999 -j ACCEPT
|
|
|
|
#. Save the changes to :file:`/etc/sysconfig/iptables` file, and restart the
|
|
iptables service to pick up the changes:
|
|
|
|
.. code:: console
|
|
|
|
$ service iptables restart
|
|
|
|
#. Repeat this process for each Compute service node.
|