Instance cannot connect to "public" lan, but can connect to the internet

asked 2012-04-24 14:52:08 -0500

I have a multi-node OpenStack Essex installation on Ubuntu 12.04.

The control node runs nova-api, glance, keystone, etc. The compute node runs nova-compute, nova-network.

Launching instances works fine, they boot and run as expected. They can ping ( but cannot connect to anything on the office lan.

Network configuration: "office lan" Instance vlans (20 vlan within that space)

The compute and control nodes have dual nic, eth0 being on the office lan, eth1 on their private network (physically separated network).

Office lan machines can connect to instances using their floating ip. Instances cannot connect to anything on the office lan.

It seems a nat/forward rule is missing on the compute node to let instances connect to the office lan.

Nat rules on the compute node:

    DNAT all -- to:
    DNAT udp -- udp dpt:1000 to:
    DNAT all -- to:
    ACCEPT all -- ! ctstate DNAT
    DNAT tcp -- tcp dpt:80 to:
    DNAT all -- to:
    DNAT udp -- udp dpt:1000 to:
    DNAT all -- to:
    SNAT all -- to:
    SNAT all -- to:
    SNAT all -- to:

Routes on the compute node:

    default firewall001.hq. UG 0 0 0 eth0
    * U 0 0 0 eth0
    * U 0 0 0 br100
    * U 0 0 0 virbr0

ip addr output:

    1: lo: <loopback,up,lower_up> mtu 16436 qdisc noqueue state UNKNOWN
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet scope host lo
        inet scope link lo
        inet6 ::1/128 scope host
           valid_lft forever preferred_lft forever
    2: eth0: <broadcast,multicast,up,lower_up> mtu 1500 qdisc pfifo_fast state UP qlen 1000
        link/ether 00:30:48:f9:d5:98 brd ff:ff:ff:ff:ff:ff
        inet brd scope global eth0
        inet scope global eth0
        inet 10.0.253 ...

1 answer

answered 2012-04-24 15:34:11 -0500

Okay, seems like I had a routing issue on the compute node.

Moving all the vlans to range made requests on the work.

Still unsure why it wasn't working before.
