Ask Your Question
1

Urgent : VMs can't access the external network

asked 2013-04-20 14:58:24 -0500

a-s-o-anas gravatar image

updated 2015-09-08 09:30:59 -0500

My install is as follow : - two physical nodes, each with two NICs (one for management network, and the other for Data network (VMs) ) - OpenStack Folsom - OS : CentOS 6.4 - L2 plugin : Linuxbridge - namespaces=False - dhcp-agent is running on the controller node (all openstack services : nova, glance, cinder, quantum-server, ...) - l3-agent is runnig on the compute node - Floating IPs rang : 192.168.224.224 --> 192.168.224.2 ; cidr=192.168.224.0/24 ; gateway=192.168.224.254 - Fixed IPs rang : 172.16.1.0/24

Output of my nat table :

[root@L3Agent ~]# iptables -t nat -nvL --line-numbers
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 quantum-l3-agent-PREROUTING  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
2        0     0 nova-compute-PREROUTING  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1        9   556 quantum-l3-agent-POSTROUTING  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
2        0     0 nova-compute-POSTROUTING  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
3        0     0 nova-postrouting-bottom  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
4        0     0 quantum-postrouting-bottom  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT (policy ACCEPT 9 packets, 556 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1        9   556 quantum-l3-agent-OUTPUT  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
2        9   556 nova-compute-OUTPUT  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain nova-compute-OUTPUT (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain nova-compute-POSTROUTING (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain nova-compute-PREROUTING (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain nova-compute-float-snat (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain nova-compute-snat (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 nova-compute-float-snat  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain nova-postrouting-bottom (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 nova-compute-snat  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain quantum-l3-agent-OUTPUT (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain quantum-l3-agent-POSTROUTING (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        9   556 ACCEPT     all  --  !qg-3d0ac89c-d8 !qg-3d0ac89c-d8  0.0.0.0/0            0.0.0.0/0           ! ctstate DNAT 

Chain quantum-l3-agent-PREROUTING (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain quantum-l3-agent-float-snat (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain quantum-l3-agent-snat (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 quantum-l3-agent-float-snat  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
2        0     0 SNAT       all  --  *      *       172.16.1.0/24        0 ...
(more)
edit retag flag offensive close merge delete

2 answers

Sort by ยป oldest newest most voted
0

answered 2013-04-22 18:08:53 -0500

a-s-o-anas gravatar image

I got it work for while by deleting this entry in the nat table : Chain quantum-l3-agent-POSTROUTING

1 9 556 ACCEPT all -- !qg-3d0ac89c-d8 !qg-3d0ac89c-d8 0.0.0.0/0 0.0.0.0/0 ! ctstate DNAT

but the rules was added after some time. I guess Quantum restores its rules. So I have to change in the python files, but I don't know which one(s) is(are) responsible for this.

Can you help me please? I need to solve this problem as soon as possible

edit flag offensive delete link more
0

answered 2013-06-07 08:23:26 -0500

a-s-o-anas gravatar image

I think this may help : https://answers.launchpad.net/quantum/+question/228784 (https://answers.launchpad.net/quantum...) good luck

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2013-04-20 14:58:24 -0500

Seen: 172 times

Last updated: Sep 08 '15