That's an interesting issue. By default, the Neutron router grabs an IP from the external provider network and will source NAT all traffic from VMs without a floating IP as that address. Couple of questions:

  • Is your external provider network a non-RFC1918 network, meaning the addresses are publicly routable?
  • Or is it an RFC1918 network? If so, do the other addresses in the network have some kind of external NAT that is responsible for translating them to an Internet-routable address?
  • Can you reach the instance via floating IP from within your network?
  • Can the instance reach resources within your network, even though it can't reach the Internet?