0

access VM from inside itself by its float IP, flatDHCP mode

asked 2012-03-20 12:20:12 -0500

novikov

Hi, I cannot ping or telnet/ssh/etc. to a running VM from inside itself, with a floating IP associated, by that floating IP (IPfl). All access from outside to IPfl or IPfixed goes well. I have the --routing_source_ip=IPfl2 flag in the conf and two interfaces on the node (eth1 and br100, fully auto-configured by nova-network).

kvm, flatDHCP, diablo 2011.3 release on Ubuntu x64

On the node, the default route is nova_dhcpIP.

iptables-save

-A nova-network-OUTPUT -d IPfl/32 -j DNAT --to-destination 192.168.22.10
-A nova-network-PREROUTING -d IPfl/32 -j DNAT --to-destination 192.168.22.10
-A nova-network-POSTROUTING -s 192.168.22.0/24 -d 10.128.0.0/24 -j ACCEPT
-A nova-network-POSTROUTING -s 192.168.22.0/24 -d 192.168.22.0/24 -j ACCEPT
-A nova-network-floating-snat -s 192.168.22.10/32 -j SNAT --to-source IPfl
-A nova-network-snat -s 192.168.22.0/24 -j SNAT --to-source IPfl2

-A nova-compute-inst-23 -m state --state INVALID -j DROP
-A nova-compute-inst-23 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A nova-compute-inst-23 -j nova-compute-provider
-A nova-compute-inst-23 -s 192.168.22.5/32 -p udp -m udp --sport 67 --dport 68 -j ACCEPT
-A nova-compute-inst-23 -s 192.168.22.0/24 -j ACCEPT
-A nova-compute-inst-23 -p tcp -m tcp --dport 1935 -j ACCEPT
-A nova-compute-inst-23 -p tcp -m tcp --dport 5080 -j ACCEPT
-A nova-compute-inst-23 -p tcp -m tcp --dport 3306 -j ACCEPT
-A nova-compute-inst-23 -p tcp -m tcp --dport 21 -j ACCEPT
-A nova-compute-inst-23 -p tcp -m tcp --dport 8080 -j ACCEPT
-A nova-compute-inst-23 -p tcp -m tcp --dport 22 -j ACCEPT
-A nova-compute-inst-23 -p tcp -m tcp --dport 3389 -j ACCEPT
-A nova-compute-inst-23 -p tcp -m tcp --dport 80 -j ACCEPT
-A nova-compute-inst-23 -j nova-compute-sg-fallback
...
-A nova-compute-local -d 192.168.22.10/32 -j nova-compute-inst-23

What should I check? Any ideas, please! Thank you!
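As a starting point for the "what should I check" question, an added example (not part of the original post and not nova code): it parses an iptables-save dump shaped like the one above, reports for each floating IP which chains DNAT it and whether a matching SNAT rule exists, and lists the ports the instance chain accepts from any source. The addresses 203.0.113.10 and 203.0.113.20 are assumed stand-ins for the IPfl and IPfl2 placeholders.

```python
import shlex
from collections import defaultdict

# Constructed sample based on the rules in the question; the placeholders IPfl
# and IPfl2 are replaced by documentation addresses (an assumption).
SAMPLE = """\
-A nova-network-OUTPUT -d 203.0.113.10/32 -j DNAT --to-destination 192.168.22.10
-A nova-network-PREROUTING -d 203.0.113.10/32 -j DNAT --to-destination 192.168.22.10
-A nova-network-floating-snat -s 192.168.22.10/32 -j SNAT --to-source 203.0.113.10
-A nova-network-snat -s 192.168.22.0/24 -j SNAT --to-source 203.0.113.20
-A nova-compute-inst-23 -p tcp -m tcp --dport 3306 -j ACCEPT
-A nova-compute-inst-23 -p tcp -m tcp --dport 22 -j ACCEPT
"""

def parse_rules(dump):
    """Turn each '-A chain ...' line into a dict of option -> value."""
    rules = []
    for line in dump.splitlines():
        tok = shlex.split(line)
        if len(tok) < 2 or tok[0] != "-A":
            continue
        rule, i = {"chain": tok[1]}, 2
        while i < len(tok):
            has_val = i + 1 < len(tok) and not tok[i + 1].startswith("-")
            rule[tok[i]] = tok[i + 1] if has_val else True
            i += 2 if has_val else 1
        rules.append(rule)
    return rules

def floating_nat_report(rules):
    """Per floating IP: chains that DNAT it, the target, and whether SNAT mirrors it."""
    report = defaultdict(lambda: {"dnat_chains": set(), "fixed": set(), "snat": False})
    for r in rules:
        if r.get("-j") == "DNAT":
            entry = report[r["-d"].split("/")[0]]
            entry["dnat_chains"].add(r["chain"])
            entry["fixed"].add(r["--to-destination"])
    for r in rules:
        if r.get("-j") == "SNAT" and r.get("--to-source") in report:
            entry = report[r["--to-source"]]
            entry["snat"] = r["-s"].split("/")[0] in entry["fixed"]
    return dict(report)

def ports_open_to_any(rules, chain):
    """Destination ports the chain ACCEPTs with no -s source restriction."""
    return sorted(int(r["--dport"]) for r in rules if r["chain"] == chain
                  and r.get("-j") == "ACCEPT" and "--dport" in r and "-s" not in r)

if __name__ == "__main__":
    print(floating_nat_report(parse_rules(SAMPLE)))
```

The parser handles only plain `-A` lines with simple option/value pairs, which is all the dump in the question contains; negated matches (`!`) are not interpreted.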


4 answers

0

answered 2012-03-20 17:10:54 -0500

novikov

Ok. Thank you, Vish! Need to add that to docs.

0

answered 2012-03-20 16:27:52 -0500

vishvananda

This should work now that the fix for bug 933640 is in.

On Mar 20, 2012, at 7:15 AM, Alexander Novikov wrote:

Question #191210 on OpenStack Compute (nova) changed: https://answers.launchpad.net/nova/+q...

Alexander Novikov gave more information on the question: Can somebody approve that this is the case of what is said in docs - "Note that you cannot SSH to an instance with a public IP from within the same server as the routing configuration won't allow it." (here http://docs.openstack.org/trunk/opens... /associating-public-ip.html )

And is the only decision to do it manually via something like iptables/route in the VM itself? I.e., route VM_realIP to VM_privateIP inside the VM.



0

answered 2012-03-20 14:13:00 -0500

novikov

Can somebody approve that this is the case of what is said in docs - "Note that you cannot SSH to an instance with a public IP from within the same server as the routing configuration won't allow it." (here: http://docs.openstack.org/trunk/openstack-compute/admin/content/associating-public-ip.html)

And is the only decision to do it manually via something like iptables/route in the VM itself? I.e., route VM_realIP to VM_privateIP inside the VM.

0

answered 2012-03-20 15:35:14 -0500

novikov

The problem was caused by the following: for example, you have an HTTP file/object server which makes URLs to objects like http://IP/object, bound together with some web service on those objects that needs to access them via HTTP locally and remotely.

My real case: we have a working implementation of some package on a real node, but to make it work in the cloud we had to make objects like innerIP and outerIP, i.e. some kind of concept change and code rewriting. To me it looks like this is not a very rare case, especially if you do not know exactly what must be public and what is localhost_like enough.

As a part of the solution, I was advised to use the hostname (as in EC2 practice) which dnsmasq on nova-network gives to an instance. In the global world that must be done with real DNS, I think. So the case of using the publicIP from within the VM itself is rare. But if one cannot make a DNS record for the publicIP and wants to access objects both from inside the VM and from another service outside it (and maybe outside the cloud altogether), there still must be a concept of inner and public IPs for naming object URLs.



Stats

Asked: 2012-03-20 12:20:12 -0500

Seen: 66 times

Last updated: Mar 20 '12