
Instance cannot connect to "public" lan, but can connect to the internet

asked 2012-04-24 14:52:08 -0500

I have a multi-node OpenStack Essex installation on Ubuntu 12.04.

The control node runs nova-api, glance, keystone, etc. The compute node runs nova-compute and nova-network.

Launching instances works fine; they boot and run as expected. They can ping google.com/yahoo.com but cannot connect to anything on the office LAN.

Network configuration:

10.0.0.0/16 "office lan"
10.2.0.0/16 Instance VLANs (20 VLANs within that space)

The compute and control nodes have dual NICs, eth0 being on the office LAN, eth1 on their private network (physically separated network).

Office LAN machines can connect to instances using their floating IP. Instances cannot connect to anything on the office LAN.

It seems a NAT/forward rule is missing on the compute node to let instances connect to the office LAN.

NAT rules on the compute node:

DNAT all -- 0.0.0.0/0 10.0.253.17 to:10.2.0.3
DNAT udp -- 0.0.0.0/0 10.0.254.101 udp dpt:1000 to:10.2.0.2:1194
DNAT all -- 0.0.0.0/0 10.0.253.18 to:10.2.0.5
ACCEPT all -- 10.0.0.0/8 10.0.0.0/8 ! ctstate DNAT
DNAT tcp -- 0.0.0.0/0 169.254.169.254 tcp dpt:80 to:169.254.169.254:8775
DNAT all -- 0.0.0.0/0 10.0.253.17 to:10.2.0.3
DNAT udp -- 0.0.0.0/0 10.0.254.101 udp dpt:1000 to:10.2.0.2:1194
DNAT all -- 0.0.0.0/0 10.0.253.18 to:10.2.0.5
SNAT all -- 10.2.0.3 0.0.0.0/0 to:10.0.253.17
SNAT all -- 10.2.0.5 0.0.0.0/0 to:10.0.253.18
SNAT all -- 10.0.0.0/8 0.0.0.0/0 to:10.0.254.101

Routes on the compute node:

default firewall001.hq. 0.0.0.0 UG 0 0 0 eth0
10.0.0.0 * 255.255.0.0 U 0 0 0 eth0
10.2.0.0 * 255.255.255.224 U 0 0 0 br100
192.168.122.0 * 255.255.255.0 U 0 0 0 virbr0

ip addr output:

1: lo: <loopback,up,lower_up> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet 169.254.169.254/32 scope link lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <broadcast,multicast,up,lower_up> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:30:48:f9:d5:98 brd ff:ff:ff:ff:ff:ff
    inet 10.0.254.101/16 brd 10.0.255.255 scope global eth0
    inet 10.0.253.17/32 scope global eth0
    inet 10.0.253 ... (more)


1 answer


answered 2012-04-24 15:34:11 -0500

Okay, seems like I had a routing issue on the compute node.

Moving all the VLANs to the 192.168.0.0/16 range made requests on the 10.0.0.0/16 work.

Still unsure why it wasn't working before.

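An added example, not part of the original question or answer: it replays the ACCEPT and SNAT rules posted in the question with iptables first-match semantics to show which source address each destination sees. It assumes those rules are evaluated on the POSTROUTING path in the order listed; the office host 10.0.1.20 and the internet host 203.0.113.10 are constructed sample addresses.

```python
import ipaddress

# Source-NAT path rules copied from the question, in the order posted
# (assumption: this is their POSTROUTING evaluation order).
# Fields: (target, source, destination, to-address).
# The ACCEPT rule's "! ctstate DNAT" condition holds for connections that an
# instance initiates, so it is modelled here as always true.
POSTED_RULES = [
    ("ACCEPT", "10.0.0.0/8", "10.0.0.0/8", None),
    ("SNAT", "10.2.0.3/32", "0.0.0.0/0", "10.0.253.17"),
    ("SNAT", "10.2.0.5/32", "0.0.0.0/0", "10.0.253.18"),
    ("SNAT", "10.0.0.0/8", "0.0.0.0/0", "10.0.254.101"),
]

def first_match(src, dst, rules=POSTED_RULES):
    """Return (target, to_address) of the first rule matching src -> dst."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for target, rule_src, rule_dst, to_addr in rules:
        if s in ipaddress.ip_network(rule_src) and d in ipaddress.ip_network(rule_dst):
            return target, to_addr
    return None, None  # nothing matched: the packet keeps its own source

def source_on_wire(src, dst, rules=POSTED_RULES):
    """Source address the destination host sees after the NAT path."""
    target, to_addr = first_match(src, dst, rules)
    return to_addr if target == "SNAT" else src

def exempt_overlaps(network, rules=POSTED_RULES):
    """True if `network` lies inside both sides of an ACCEPT (no-NAT) rule."""
    net = ipaddress.ip_network(network)
    return any(t == "ACCEPT"
               and net.subnet_of(ipaddress.ip_network(s))
               and net.subnet_of(ipaddress.ip_network(d))
               for t, s, d, _ in rules)

if __name__ == "__main__":
    # Instance 10.2.0.3 is from the post; both destinations are constructed.
    for dst in ("10.0.1.20", "203.0.113.10"):
        print(f"10.2.0.3 -> {dst}: seen as {source_on_wire('10.2.0.3', dst)}")
    # Office LAN, original instance range, and the range the answer moved to.
    for net in ("10.0.0.0/16", "10.2.0.0/16", "192.168.0.0/16"):
        print(f"{net} inside NAT-exempt range: {exempt_overlaps(net)}")
```

Under these assumptions, instance traffic to the office LAN matches the 10.0.0.0/8 ACCEPT first and leaves with its 10.2.x source address, while internet-bound traffic reaches an SNAT rule; the 192.168.0.0/16 range does not fall inside that exemption.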
