openstack/openstack-manuals
Code Issues Proposed changes
9ec197c23d
openstack-manuals/doc/common/section_compute_config-firewalls.xml
Christian Berendt b2235bf3fb Unified the syntax of the XML root element (common) 
Execluded all XML files in the directory doc/common/tables because
they are autogenerated.

The XML root element of Docbook XML files should match the following
format:

<ELEMENT xmlns="http://docbook.org/ns/docbook"
  xmlns:xi="http://www.w3.org/2001/XInclude"
  xmlns:xlink="http://www.w3.org/1999/xlink"
  version="5.0"
  xml:id="THE_XML_ID_OF_THE_ELEMENT">

Change-Id: If12091be81ec8b2e6e53bfcb4c3a883a65e24736
2014-07-09 22:23:03 +02:00

48 lines
2.0 KiB
XML
Raw Blame History

<?xml version="1.0" encoding="UTF-8"?>
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink="http://www.w3.org/1999/xlink"
version="5.0"
xml:id="default_ports">
<title>Compute service node firewall requirements</title>
<para>Console connections for virtual machines, whether direct or through a proxy, are received
on ports <literal>5900</literal> to <literal>5999</literal>. You must configure the firewall
on each Compute service node to enable network traffic on these ports.</para>
<procedure>
<title>Configure the service-node firewall</title>
<step><para>On the server that hosts the Compute service, log in as <systemitem>root</systemitem>.</para></step>
<step>
<para>
Edit the <filename>/etc/sysconfig/iptables</filename>
file.
</para>
</step>
<step>
<para>
Add an INPUT rule that allows TCP traffic on ports
that range from <literal>5900</literal> to
<literal>5999</literal>:
</para>
<programlisting language="ini">-A INPUT -p tcp -m multiport --dports 5900:5999 -j ACCEPT</programlisting>
<para>
The new rule must appear before any INPUT rules that
REJECT traffic.
</para>
</step>
<step>
<para>
Save the changes to the
<filename>/etc/sysconfig/iptables</filename> file.
</para>
</step>
<step>
<para>
Restart the <systemitem>iptables</systemitem> service
to ensure that the change takes effect.
</para>
<screen><prompt>$</prompt> <userinput>service iptables restart</userinput></screen>
</step>
</procedure>
<para>The <systemitem>iptables</systemitem> firewall now enables incoming connections to the
Compute services. Repeat this process for each Compute service node.</para>
</section>
View Git Blame Copy Permalink