openstack/openstack-manuals
Code Issues Proposed changes
18be804cdb
openstack-manuals/doc/common/section_compute_config-firewalls.xml
Summer Long cbc80898a6 Moved firewall section and restructured Compute section 
Moved firewall section from CRG Compute to CAG Compute.
Renamed log-file chapter to match other 'file' chapter.
Moved Compute sections into files to trim down the massive
Compute chapter file. Edited touched files.
In section_cli_nova_volumes.xml, added example and one new option.
In section_compute-rootwrap.xml, added note with
NFS share info.
In section_system-admin.xml:
* Added new services.
* Replaced deprecated nova-manage commands with nova.

Change-Id: Ie300a9ce25d305b80bb0b21d3cfc318909f3a123
2014-03-27 15:58:48 +10:00

47 lines
2.0 KiB
XML
Raw Blame History

<?xml version="1.0" encoding="UTF-8"?>
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
xml:id="default_ports">
<title>Compute service node firewall requirements</title>
<para>Console connections for virtual machines, whether direct or through a proxy, are received
on ports <literal>5900</literal> to <literal>5999</literal>. You must configure the firewall
on each Compute service node to enable network traffic on these ports.</para>
<procedure>
<title>Configure the service-node firewall</title>
<step><para>On the server that hosts the Compute service, log in as <systemitem>root</systemitem>.</para></step>
<step>
<para>
Edit the <filename>/etc/sysconfig/iptables</filename>
file.
</para>
</step>
<step>
<para>
Add an INPUT rule that allows TCP traffic on ports
that range from <literal>5900</literal> to
<literal>5999</literal>:
</para>
<programlisting language="ini">-A INPUT -p tcp -m multiport --dports 5900:5999 -j ACCEPT</programlisting>
<para>
The new rule must appear before any INPUT rules that
REJECT traffic.
</para>
</step>
<step>
<para>
Save the changes to the
<filename>/etc/sysconfig/iptables</filename> file.
</para>
</step>
<step>
<para>
Restart the <systemitem>iptables</systemitem> service
to ensure that the change takes effect.
</para>
<screen><prompt>$</prompt> <userinput>service iptables restart</userinput></screen>
</step>
</procedure>
<para>The <systemitem>iptables</systemitem> firewall now enables incoming connections to the
Compute services. Repeat this process for each Compute service node.</para>
</section>
View Git Blame Copy Permalink