0

Virtual machine as gateway

asked 2014-07-28 01:31:02 -0500

Doria

I have installed OpenStack Icehouse on Ubuntu. I created two tenant networks using Neutron under the same tenant: network A is connected to the router and br-ex, network B is not. I then created one virtual machine, VM-1, in network A and one virtual machine, VM-2, in network B. I intend to configure VM-1 as the gateway of VM-2 so that VM-2 can ping the internet as VM-1 can. But after I configured VM-1 as the default gateway of VM-2 and enabled packet forwarding on VM-1, VM-2 cannot ping VM-1, let alone the internet.


2 answers

1

answered 2014-07-28 02:39:46 -0500

totten25

I don't understand why you use VM-1 as a gateway, because by default, when you create an internal network and add it as an interface on the virtual router, the router can route between network A and network B. For this problem, VM-1 in network A doesn't have routing information about VM-2 in network B. You should add a route, which is a Linux command; when you reboot VM-1, the routing table will be cleared and go back to the default. You may add the route in /etc/network/interfaces. Moreover, I think the "tcpdump" command can help you figure out this problem.


Comments

Hello Totten, I want to configure VM-1 as the default gateway of VM-2 because I want to add a series of iptables rules, which I cannot do on the router. Thank you for your answer. Do you know whether this is probably related to the nova security group rules?

Doria ( 2014-07-28 11:26:02 -0500 )
0

answered 2014-12-13 21:16:36 -0500

Zollner Robert

1) VM-01 should have two interfaces, one in Netw-A (eth0) and another in Netw-B (eth1). At this point, if your "Security Group" settings permit it, you should be able to ping between the IP addresses of VM-01 (eth1) and VM-02, which are in Netw-B.

2) Next, to be able to ping from VM-02 to the VM-01 eth0 IP address (Netw-B), you must delete some iptables rules or disable the Neutron firewall completely.

Get the port ID of VM-01 eth1:

neutron port-list | grep "192.168.1.2"
| 6cd7f3ab-.. fa:16:3e:9c:38:23 | {"subnet_id": "b9...", "ip_address": "192.168.1.2"}|

id = 6cd7f3ab

iptables -n -L -t filter -v  --line-numbers | grep -i "Chain neutron-openvswi-s"6cd7f3ab -A 3
Chain neutron-openvswi-s6cd7f3ab-4 (1 references)
num   pkts bytes target     prot opt in     out   source        destination         
1     2658  229K RETURN     all  --  *      *     192.168.1.2   0.0.0.0/0    MAC FA:16:3e:9c:38:23
2        5     0 DROP       all  --  *      *     0.0.0.0/0     0.0.0.0/0

Delete rule no. 2:

iptables -D neutron-openvswi-s6cd7f3ab-4 2

3) Enable NAT on VM-01:

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
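Step 2 of the answer above deletes the final DROP from the port's `neutron-openvswi-s…` chain, the rule that stops the VM from sending traffic with a source IP or MAC other than its own. As an added example (not part of the original answer), this script finds the port by exact IP, derives the chain name and reports whether that DROP is still in place, so the change can be audited on the compute node. The sample rows and port IDs are constructed, and the chain-name rule is an assumption read off the listing in the answer.

```shell
#!/bin/sh
# Added example. Assumption taken from the listing above: the anti-spoofing
# chain is "neutron-openvswi-s" + the first 10 characters of the port ID.

# Constructed `neutron port-list` rows (both port IDs are made up).
SAMPLE_PORTS='| aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee | | fa:16:3e:00:00:14 | {"subnet_id": "b9...", "ip_address": "192.168.1.20"} |
| 11111111-2222-3333-4444-555555555555 | | fa:16:3e:9c:38:23 | {"subnet_id": "b9...", "ip_address": "192.168.1.2"} |'

# Constructed `iptables -S` output: the chain as Neutron builds it ...
SAMPLE_INTACT='-N neutron-openvswi-s11111111-2
-A neutron-openvswi-s11111111-2 -s 192.168.1.2/32 -m mac --mac-source FA:16:3E:9C:38:23 -j RETURN
-A neutron-openvswi-s11111111-2 -j DROP'
# ... and the same chain after the final DROP rule was deleted.
SAMPLE_OPEN='-N neutron-openvswi-s11111111-2
-A neutron-openvswi-s11111111-2 -s 192.168.1.2/32 -m mac --mac-source FA:16:3E:9C:38:23 -j RETURN'

# Print the port ID whose fixed IP is exactly $1 (table read from stdin).
# Matching the quoted value keeps 192.168.1.2 from also hitting 192.168.1.20.
port_id_for_ip() {
    awk -F'|' -v ip="\"ip_address\": \"$1\"" \
        'index($0, ip) { gsub(/ /, "", $2); print $2; exit }'
}

# Derive the per-port anti-spoofing chain name from a port ID.
spoof_chain_for_port() {
    printf 'neutron-openvswi-s%s\n' "$(printf '%s' "$1" | cut -c1-10)"
}

# Classify chain $1 from `iptables -S` rules on stdin:
#   enforced = last rule is the unconditional DROP, open = it is not,
#   absent = chain not present.
spoof_chain_status() {
    awk -v chain="$1" '
        ($1 == "-N" || $1 == "-A") && $2 == chain { seen = 1 }
        $1 == "-A" && $2 == chain { last = $0 }
        END {
            if (!seen) print "absent"
            else if (last ~ / -j DROP$/ && last !~ / -s /) print "enforced"
            else print "open"
        }'
}

# Demo on the constructed samples.
id=$(printf '%s\n' "$SAMPLE_PORTS" | port_id_for_ip 192.168.1.2)
chain=$(spoof_chain_for_port "$id")
printf '%s\n' "$SAMPLE_INTACT" | spoof_chain_status "$chain"   # enforced
printf '%s\n' "$SAMPLE_OPEN" | spoof_chain_status "$chain"     # open
```

On a real compute node, pipe `neutron port-list` and `iptables -S` (run as root) into the functions in place of the sample variables.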


Stats

Asked: 2014-07-28 01:31:02 -0500

Seen: 1,304 times

Last updated: Jul 28 '14