external Net reachable but not the internet!

asked 2014-09-04 06:21:25 -0600

updated 2014-09-15 04:55:46 -0600


It seems to work a little bit... I can get a response with the telnet command, but then the ssh freezes or something like this... So I really hope that it works for now! But with the telnet command it seems that there is a DNS problem... telnet only works with an IP, but trying ping, e.g. google.de, resolves to the correct IP!

ORIGINAL: I had used the basic installation guide for a 3 Node Icehouse Setup using ML2 with OVS as mechanism driver and GRE Tunneling.

Tutorial: http://docs.openstack.org/icehouse/in...

All 3 nodes are set up with VirtualBox and it seems to work nearly fine.

I can establish an instance, and can ssh to and ping it from any node in my physical net. The instance can ping real nodes in the physical net too.

My problem is the final step to Internet.

I have assigned floating_ips, setup the nova security rules and all other stuff.

There is some issue with VirtualBox or the local pool and pinging the web... ping does not work from any VBOX node and the host itself, therefore not from the instance at all... but ping www.google.de does show me the right DNS resolution.

Access to metadata by the instance is always good, and all does work but not the last step to get back by the web. Forward ipv4 is always enabled on any node of my setup.

It seems as all does work but this.

Moreover, the metadata log of my virtual router is completely empty; in an older router log I can see something, but nothing in this one, which belongs to my net now.

The 3 nodes can telnet the web, but this does not work for the instance, with output:

From Instance:
$ telnet www.google.de 80
telnet: can't connect to remote host: Network is unreachable

So does any of you have a 3 Node Icehouse setup like mine (maybe with VirtualBox, too) that does work and can ping the web, and can share with me the files which I have to set up and also not set up...!

Thanks for your responses!

Instance: telnet 80

demorouter tcpdump:

 root@network:~# ip netns exec qrouter-d8455b20-5a2f-4c49-9370-f0648b5ea4f5 tcpdump -nnti any not arp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
^CIP > Flags [P.], seq 3843316346:3843316394, ack 2841661934, win 255, options [nop,nop,TS val 1462078 ecr 32083], length 48
IP > Flags [P.], seq 3843316346:3843316394, ack 2841661934, win 255, options [nop,nop,TS val 1462078 ecr 32083], length 48
IP > Flags [P.], seq 1:49, ack 48, win 3982, options [nop,nop,TS val 33823 ecr 1462078], length 48
IP > Flags [P.], seq 1:49 ...

Care to share your configuration, especially the ML2 GRE config, as I could not bring up the virtual router on my setup?

chrone ( 2014-09-04 10:10:39 -0600 )

So can you ping the outside world from within the instance?

capsali ( 2014-09-04 15:31:39 -0600 )

I can't ping the outside world, just any other PC in this pool which is on ext-net, by the way the physical net in this pool... and there is some issue with pinging the web and VirtualBox, because this does not work from any node, so I can test it with telnet; this does work from all nodes/router, not for the OS VM

n7rxDE ( 2014-09-05 02:28:51 -0600 )

I can other machines in the 172.29.34.xxx net, which is the physical one by pool and the ext-net for the cloud... Gateway was set correctly and I have a floating IP range from .96 up to .99, small but enough for testing. This all works fine. I can also ssh/ping the instance from any other node in the pool, but no web!

n7rxDE ( 2014-09-05 05:36:22 -0600 )

After some listening I noticed that the NATed packets from the instance's telnet command get back to my demorouter but not to my instance, and that my specific log for the metadata proxy at this router is empty! Anyone with ideas?! See the question text at the top.

n7rxDE ( 2014-09-08 03:44:26 -0600 )

answered 2014-09-23 23:02:47 -0600

Have you tried adding the following to /etc/neutron/dhcp_agent.ini on your network node?

dnsmasq_dns_servers =,

answered 2014-09-17 02:49:15 -0600

Changed the nova.conf, and added an iptables rule with MASQUERADE... Getting responses for telnet commands but it is really laggy, but seems to work for now!

