Cannot access to instance from my physical device

asked 2019-11-13 01:03:13 -0600

Minh Hoang gravatar image

Hello everyone, I am an Openstack newbie. Here I have a public network(172.24.4.0/24) and an internal network(10.0.2.0/24). Both of them are connected to a router. Inside the internal network I have a Cirros instance. I also associated this to a floating IP from public network(172.24.4.x). Now how can I access to this instance from my physical device(have 192.168.x.x address)? From my instance & physical device I can ping 172.24.4.1, but I can't ping from my device to instance or from instace to my device. Thanks a lot!

edit retag flag offensive close merge delete

Comments

By default, all traffic into instances is blocked. Add ICMP to the instance's security group to allow access.

My guess is that your instance can't access the device 192.168.x.y because the public network is not routed to it.

How did you create your cloud?

Bernd Bausch gravatar imageBernd Bausch ( 2019-11-13 19:04:54 -0600 )edit

I added ICMP rule in my instance's group security as you said. But I still can't ping to my instance. I created my cloud normally. After init stack, there are 2 networks: public(172.24.4.0/24) and private(10.0.0.0/14?). So I linked them between a router. My instance placed inside private network.

Minh Hoang gravatar imageMinh Hoang ( 2019-11-14 06:15:25 -0600 )edit

I created my cloud normally

There is no "normal" method for creating a cloud. To help you, it would help me knowing how you created it.

You did not link the 172 network to the 198 network, I suppose.

Bernd Bausch gravatar imageBernd Bausch ( 2019-11-14 06:38:35 -0600 )edit

As I know, the public network(172.24) bridged from my physical device(br-ex). So how can I link between them?

Minh Hoang gravatar imageMinh Hoang ( 2019-11-14 07:09:04 -0600 )edit

I don't know, because I don't know how you set up the cloud.

To give the instance access to 192 addresses, you can make 192 the external network or place a router between 172 and 192. The router can be implemented with iptables, I think, but you risk interference with OpenStack's iptables setup.

Bernd Bausch gravatar imageBernd Bausch ( 2019-11-14 09:21:07 -0600 )edit