Hello, I have just tried the following: on a computer in the external network (192.168.102.227) and on my host server I executed the following command:

sudo tcpdump -i any -n -v 'icmp[icmptype] = icmp-echoreply or icmp[icmptype] = icmp-echo'

On .102.227 I see two main messages (with some tests, my instance IP now ends with .1.6):

01:03:41.929464 IP (tos 0x0, ttl 63, id 23514, offset 0, flags [DF], proto ICMP (1), length 84)
192.168.1.6 > 192.168.102.227: ICMP echo request, id 26881, seq 0, length 64

01:03:41.929484 IP (tos 0x0, ttl 64, id 52031, offset 0, flags [none], proto ICMP (1), length 84)
192.168.102.227 > 192.168.1.6: ICMP echo reply, id 26881, seq 0, length 64

However, on my host, I only see the path 192.168.1.6 > 192.168.102.227. So, actually, my instance CAN connect to the external network!! But not the other way around.

I think that's because .102.227 tries to answer the ping with a packet to .1.6 but, of course, there is no route for that (as it is a private network) and not even the host receives that ping answer.

In the meantime I also configured a floating IP for my instance, but it seems it is not working with that either...

$ nova list
+--------------------------------------+----------------+--------+------------+-------------+---------------------------------------+
| ID                                   | Name           | Status | Task State | Power State | Networks                              |
+--------------------------------------+----------------+--------+------------+-------------+---------------------------------------+
| 4a960a1d-d3d5-4f73-86fc-827efa94230d | demo-instance1 | ACTIVE | -          | Running     | demo-net=192.168.1.6, 192.168.102.231 |


$ neutron floatingip-list
+--------------------------------------+------------------+---------------------+--------------------------------------+
| id                                   | fixed_ip_address | floating_ip_address | port_id                              |
+--------------------------------------+------------------+---------------------+--------------------------------------+
| 7038502d-7c6a-4976-aaf9-b48f23deb180 | 192.168.1.6      | 192.168.102.231     | d8719add-76f5-4efd-91fe-77ccfa99c127 |
+--------------------------------------+------------------+---------------------+--------------------------------------+


$ neutron router-port-list demo-router
+--------------------------------------+------+-------------------+----------------------------------------------------------------------------------------+
| id                                   | name | mac_address       | fixed_ips                                                                              |
+--------------------------------------+------+-------------------+----------------------------------------------------------------------------------------+
| 0aa518a3-3efb-4373-9bdf-2ef195b6d3e6 |      | fa:16:3e:fe:2e:f8 | {"subnet_id": "5272a1b6-7d77-4b3b-94dd-9ae5edfc3106", "ip_address": "192.168.102.230"} |
| d72ce566-06a5-4fcd-9421-c85d9f9a87ce |      | fa:16:3e:53:04:c5 | {"subnet_id": "7857decc-dc25-4372-8072-1d3e34a07724", "ip_address": "192.168.1.1"}     |
+--------------------------------------+------+-------------------+----------------------------------------------------------------------------------------+

So, my router is not doing real NAT, right? Any idea how I can configure this? :(
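
Added example (not part of the original post): a Python sketch that runs the check described above over the tcpdump lines in the post, flagging packets seen on the external network that still carry the instance's fixed IP instead of the floating IP listed by neutron floatingip-list, and echo replies that never appear in the host capture. The HOST capture is constructed from the post's description, and the function names are hypothetical.

```python
import re

# tcpdump lines copied from the post (capture taken on 192.168.102.227).
EXTERNAL = """\
01:03:41.929464 IP (tos 0x0, ttl 63, id 23514, offset 0, flags [DF], proto ICMP (1), length 84)
192.168.1.6 > 192.168.102.227: ICMP echo request, id 26881, seq 0, length 64
01:03:41.929484 IP (tos 0x0, ttl 64, id 52031, offset 0, flags [none], proto ICMP (1), length 84)
192.168.102.227 > 192.168.1.6: ICMP echo reply, id 26881, seq 0, length 64
"""
# Constructed sample: the post says the host saw only the request direction.
HOST = "192.168.1.6 > 192.168.102.227: ICMP echo request, id 26881, seq 0, length 64\n"
# fixed_ip_address -> floating_ip_address, from the neutron floatingip-list output.
FLOATING = {"192.168.1.6": "192.168.102.231"}

ECHO_RE = re.compile(r"(\d+(?:\.\d+){3}) > (\d+(?:\.\d+){3}): "
                     r"ICMP echo (request|reply), id (\d+), seq (\d+)")

def parse_icmp(text):
    """Return (src, dst, kind, id, seq) for every ICMP echo summary line."""
    packets = []
    for line in text.splitlines():
        m = ECHO_RE.search(line)
        if m:
            packets.append((m[1], m[2], m[3], int(m[4]), int(m[5])))
    return packets

def find_untranslated(capture, floating):
    """Flag packets on the external side that still use a fixed (tenant) IP."""
    findings = []
    for src, dst, kind, ident, seq in parse_icmp(capture):
        if src in floating:
            findings.append(f"{kind} id={ident} seq={seq}: source {src} "
                            f"was not translated to {floating[src]}")
        if dst in floating:
            findings.append(f"{kind} id={ident} seq={seq}: sent to fixed IP {dst}, "
                            f"which is not routable from the external network")
    return findings

def lost_replies(external, host):
    """Return (id, seq) of echo replies sent externally but never seen on the host."""
    seen = {(p[3], p[4]) for p in parse_icmp(host) if p[2] == "reply"}
    return [(p[3], p[4]) for p in parse_icmp(external)
            if p[2] == "reply" and (p[3], p[4]) not in seen]

if __name__ == "__main__":
    for finding in find_untranslated(EXTERNAL, FLOATING):
        print(finding)
    print("replies lost before reaching the host:", lost_replies(EXTERNAL, HOST))
```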