Ask Your Question

devstack all-in-one - external network packet trace

asked 2014-03-11 21:55:31 -0500

sivak gravatar image

updated 2014-03-11 22:15:16 -0500

Hi, I have an ubuntu hardware host (H). I have installed virtualbox on this and running another ubuntu VM (D) with devstack.

I am using the vanilla all-in-one devstack setup. AFter running, OpenStack services are all up and I can create cirros VMs running in (D). From (D) I can reach these cirros VMs and vice-versa. The cirros VMs are connected to a private network and to the public network via the router (all this was auto created by devstack, I didnt do anything except create the localrc as per below)

But how do I give the cirros VMs outgoing public internet access - eg. I want to ping from cirros VM.

more details: ubuntu 12.04/10, openstack latest git, devstack latest git.

disable_service n-net
enable_service neutron, q-svc, q-agt, q-dhcp, q-l3, q-meta, q-lbaas, q-fwaas

During ping, on (H), "tcpdump -vvv -i br-ex -n" shows receiving the ping packets from the router interface address to But thats the end of that. Is my host dropping it? or my next hop dropping it? how to troubleshoot.

  • Sivakumar
edit retag flag offensive close merge delete

2 answers

Sort by ยป oldest newest most voted

answered 2015-03-20 01:30:50 -0500

dbaxps gravatar image

updated 2015-03-20 01:41:38 -0500

You have to run :-

# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

on (D) hosting instance. This will allow your VMs work with Internet.
For devstack installs on VMs running on Fedora 21 KVM/LIBVIRT Hypervisor it works fine.
However, it would not provide access to your floating IPs from (H) , actually, from outside world.
Security rules will have effect only for connections from (D).

edit flag offensive delete link more

answered 2015-03-19 09:38:06 -0500

Darsh29 gravatar image

From my understanding, you have missed to provide the rules under Security Groups. Under Compute -> Access & Security -> Security Groups, click on Manage/Edit Rules -> Add ingress and egress for SSH and ICMP. ( )

Through CLI:

Also FYI, I believe you have enabled the Packet forwarding configuration for VB host-only networking.

edit flag offensive delete link more

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower


Asked: 2014-03-11 21:55:31 -0500

Seen: 659 times

Last updated: Mar 20 '15