Default iptables does not allow ssh service in overcloud nodes

Solution In Progress - Updated -

Issue

  • Overcloud nodes are created with the following iptables rules by default:
[root@overcloud-compute-0 ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED /* 000 accept related established rules ipv4 */
ACCEPT     icmp --  anywhere             anywhere             state NEW /* 001 accept all icmp ipv4 */
ACCEPT     all  --  anywhere             anywhere             state NEW /* 002 accept all to lo interface ipv4 */
ACCEPT     udp  --  anywhere             anywhere             multiport dports ntp state NEW /* 105 ntp ipv4 */
ACCEPT     tcp  --  anywhere             anywhere             multiport dports down state NEW /* 113 nova_migration_target ipv4 */
ACCEPT     udp  --  anywhere             anywhere             multiport dports 4789 state NEW /* 118 neutron vxlan networks ipv4 */
ACCEPT     gre  --  anywhere             anywhere             /* 136 neutron gre networks ipv4 */
ACCEPT     tcp  --  anywhere             anywhere             multiport dports 16514,61152:61215,rfb:6923 state NEW /* 200 nova_libvirt ipv4 */
LOG        all  --  anywhere             anywhere             state NEW /* 998 log all ipv4 */ LOG level warning
DROP       all  --  anywhere             anywhere             state NEW /* 999 drop all ipv4 */

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination   
  • Please provide a procedure to enable the ssh service in iptables by default.

  • Trying to ssh to those nodes simply hangs forever.
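
The listing shows why ssh hangs instead of being refused: no rule accepts new TCP connections to port 22, so they fall through to rule 999, which silently drops them. The following added example (not part of the original article) evaluates a constructed `iptables -S INPUT` equivalent of that ruleset by first match. The `-i lo` binding of rule 002, the numeric ports 123, 2022 and 5900 for the service names ntp, down and rfb, and the interface name eth0 are assumptions.

```python
import shlex

# Constructed `iptables -S INPUT` equivalent of the listing above. Assumptions:
# rule 002 is bound to "-i lo" (per its comment; `iptables -L` hides interfaces),
# and the names ntp/down/rfb are ports 123/2022/5900 as in /etc/services.
RULES = '''\
-A INPUT -m state --state RELATED,ESTABLISHED -m comment --comment "000 accept related established rules ipv4" -j ACCEPT
-A INPUT -p icmp -m state --state NEW -m comment --comment "001 accept all icmp ipv4" -j ACCEPT
-A INPUT -i lo -m state --state NEW -m comment --comment "002 accept all to lo interface ipv4" -j ACCEPT
-A INPUT -p udp -m multiport --dports 123 -m state --state NEW -m comment --comment "105 ntp ipv4" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 2022 -m state --state NEW -m comment --comment "113 nova_migration_target ipv4" -j ACCEPT
-A INPUT -p udp -m multiport --dports 4789 -m state --state NEW -m comment --comment "118 neutron vxlan networks ipv4" -j ACCEPT
-A INPUT -p gre -m comment --comment "136 neutron gre networks ipv4" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 16514,61152:61215,5900:6923 -m state --state NEW -m comment --comment "200 nova_libvirt ipv4" -j ACCEPT
-A INPUT -m state --state NEW -m comment --comment "998 log all ipv4" -j LOG
-A INPUT -m state --state NEW -m comment --comment "999 drop all ipv4" -j DROP
'''

def port_in(spec, port):
    """True if port falls in a multiport spec such as '16514,61152:61215'."""
    for part in spec.split(","):
        lo, _, hi = part.partition(":")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def first_match(rules, proto, dport, iface, state="NEW", policy="ACCEPT"):
    """Return (verdict, rule comment) for a packet, using first-match semantics."""
    for line in rules.splitlines():
        tok = shlex.split(line)
        # Map each option flag to the value that follows it.
        opt = {tok[i]: tok[i + 1] for i in range(len(tok) - 1) if tok[i].startswith("-")}
        if "-p" in opt and opt["-p"] != proto:
            continue
        if "-i" in opt and opt["-i"] != iface:
            continue
        if "--state" in opt and state not in opt["--state"].split(","):
            continue
        ports = opt.get("--dports") or opt.get("--dport")
        if ports and not port_in(ports, dport):
            continue
        # LOG is non-terminating: evaluation continues with the next rule.
        if opt.get("-j") in ("ACCEPT", "DROP", "REJECT"):
            return opt["-j"], opt.get("--comment", "")
    return policy, "chain policy"

if __name__ == "__main__":
    print(first_match(RULES, "tcp", 22, "eth0"))  # new ssh connection from the network
```

On a node, pass the output of `iptables -S INPUT` in place of the constructed sample.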

Environment

  • Red Hat OpenStack Platform 13.0 (RHOSP)
