This adds an iptables rule to allow ports 67 and 68. We see
occasionally dropped DHCP packets, which may be causing PXE failures in
ironic jobs.
I'm not 100% confident this fixes the issue; however, I don't think it
can break anything, and it rules out one theory.
Change-Id: I4630afb6f010a4c2cb146a79264c480c64c6e4b7
Related-Bug: #1393099
| ... | ... |
@@ -672,6 +672,8 @@ function configure_iptables {
|
| 672 | 672 |
# enable tftp natting for allowing connections to HOST_IP's tftp server |
| 673 | 673 |
sudo modprobe nf_conntrack_tftp |
| 674 | 674 |
sudo modprobe nf_nat_tftp |
| 675 |
+ # explicitly allow DHCP - packets are occassionally being dropped here |
|
| 676 |
+ sudo iptables -I INPUT -p udp --dport 67:68 --sport 67:68 -j ACCEPT || true |
|
| 675 | 677 |
# nodes boot from TFTP and callback to the API server listening on $HOST_IP |
| 676 | 678 |
sudo iptables -I INPUT -d $HOST_IP -p udp --dport 69 -j ACCEPT || true |
| 677 | 679 |
sudo iptables -I INPUT -d $HOST_IP -p tcp --dport $IRONIC_SERVICE_PORT -j ACCEPT || true |
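Review bot: The added ACCEPT rule on the `--dport 67:68 --sport 67:68` line has no interface or address match, unlike the two `-d $HOST_IP` rules below it, so it admits UDP to ports 67-68 on every interface of the host; the source-port match restricts little, because the sender chooses that port. DHCP discovery is broadcast, so `-d $HOST_IP` would not fit here, but an interface match would, e.g. `sudo iptables -I INPUT -i <provisioning-interface> -p udp --sport 68 --dport 67 -j ACCEPT || true` (the interface name is a placeholder, and relayed traffic from port 67 to 67 would need its own rule if it is expected). The trailing `|| true` also hides a failed insert, which weakens the commit's stated aim of ruling out a theory; a message on stderr when the insert fails would make the experiment's result trustworthy. configure_iptables starts and ends outside the hunk, so a suitable interface variable may already be in scope there.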