It broke the flow of the section it was in.
Change-Id: I4c6ec7ccbe7e856600037eb5a3a73863319aa232
| ... | ... |
@@ -125,39 +125,6 @@ connectivity. |
| 125 | 125 |
|
| 126 | 126 |
|
| 127 | 127 |
|
| 128 |
-Disabling Next Generation Firewall Tools |
|
| 129 |
-======================================== |
|
| 130 |
- |
|
| 131 |
-DevStack does not properly operate with modern firewall tools. Specifically |
|
| 132 |
-it will appear as if the guest VM can access the external network via ICMP, |
|
| 133 |
-but UDP and TCP packets will not be delivered to the guest VM. The root cause |
|
| 134 |
-of the issue is that both ufw (Uncomplicated Firewall) and firewalld (Fedora's |
|
| 135 |
-firewall manager) apply firewall rules to all interfaces in the system, rather |
|
| 136 |
-then per-device. One solution to this problem is to revert to iptables |
|
| 137 |
-functionality. |
|
| 138 |
- |
|
| 139 |
-To get a functional firewall configuration for Fedora do the following: |
|
| 140 |
- |
|
| 141 |
-:: |
|
| 142 |
- |
|
| 143 |
- sudo service iptables save |
|
| 144 |
- sudo systemctl disable firewalld |
|
| 145 |
- sudo systemctl enable iptables |
|
| 146 |
- sudo systemctl stop firewalld |
|
| 147 |
- sudo systemctl start iptables |
|
| 148 |
- |
|
| 149 |
- |
|
| 150 |
-To get a functional firewall configuration for distributions containing ufw, |
|
| 151 |
-disable ufw. Note ufw is generally not enabled by default in Ubuntu. To |
|
| 152 |
-disable ufw if it was enabled, do the following: |
|
| 153 |
- |
|
| 154 |
-:: |
|
| 155 |
- |
|
| 156 |
- sudo service iptables save |
|
| 157 |
- sudo ufw disable |
|
| 158 |
- |
|
| 159 |
- |
|
| 160 |
- |
|
| 161 | 128 |
|
| 162 | 129 |
Neutron Networking with Open vSwitch |
| 163 | 130 |
==================================== |
| ... | ... |
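Review bot: Removing the section at old lines 128-160 moves it from before "Neutron Networking with Open vSwitch" to the end of the file, so any wording elsewhere in the guide that points to the firewall advice by position ("below", "the next section") needs a check before this merges. The removal also leaves blank lines 125-127 and old 161 stacked in front of the Neutron heading; trimming them in the same change would keep the spacing consistent with the rest of the file.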
@@ -301,3 +268,41 @@ For example, with the above configuration, a bridge is |
| 301 | 301 |
created, named `br-ex` which is managed by Open vSwitch, and the |
| 302 | 302 |
second interface on the compute node, `eth1` is attached to the |
| 303 | 303 |
bridge, to forward traffic sent by guest VMs. |
| 304 |
+ |
|
| 305 |
+Miscellaneous Tips |
|
| 306 |
+================== |
|
| 307 |
+ |
|
| 308 |
+ |
|
| 309 |
+Disabling Next Generation Firewall Tools |
|
| 310 |
+---------------------------------------- |
|
| 311 |
+ |
|
| 312 |
+DevStack does not properly operate with modern firewall tools. Specifically |
|
| 313 |
+it will appear as if the guest VM can access the external network via ICMP, |
|
| 314 |
+but UDP and TCP packets will not be delivered to the guest VM. The root cause |
|
| 315 |
+of the issue is that both ufw (Uncomplicated Firewall) and firewalld (Fedora's |
|
| 316 |
+firewall manager) apply firewall rules to all interfaces in the system, rather |
|
| 317 |
+then per-device. One solution to this problem is to revert to iptables |
|
| 318 |
+functionality. |
|
| 319 |
+ |
|
| 320 |
+To get a functional firewall configuration for Fedora do the following: |
|
| 321 |
+ |
|
| 322 |
+:: |
|
| 323 |
+ |
|
| 324 |
+ sudo service iptables save |
|
| 325 |
+ sudo systemctl disable firewalld |
|
| 326 |
+ sudo systemctl enable iptables |
|
| 327 |
+ sudo systemctl stop firewalld |
|
| 328 |
+ sudo systemctl start iptables |
|
| 329 |
+ |
|
| 330 |
+ |
|
| 331 |
+To get a functional firewall configuration for distributions containing ufw, |
|
| 332 |
+disable ufw. Note ufw is generally not enabled by default in Ubuntu. To |
|
| 333 |
+disable ufw if it was enabled, do the following: |
|
| 334 |
+ |
|
| 335 |
+:: |
|
| 336 |
+ |
|
| 337 |
+ sudo service iptables save |
|
| 338 |
+ sudo ufw disable |
|
| 339 |
+ |
|
| 340 |
+ |
|
| 341 |
+ |
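Review bot: The ufw block at new lines 337-338 starts with `sudo service iptables save`, the same command as the Fedora block at line 324. Since the text is being touched anyway, confirm that an `iptables` service with a `save` action exists on the ufw distributions this paragraph targets, and drop or replace the line if it does not. Two smaller points while the text is being moved: "rather then per-device" at lines 316-317 should read "rather than per-device", and the three blank `+` lines at 339-341 add trailing blank lines at the end of the file that can be dropped. Because both blocks tell the reader to turn off the host firewall manager, a sentence saying this is meant for a development host and what rules are expected to remain in iptables afterwards would help readers who copy the commands.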