ping: sendmsg: operation not permitted in Neutron when pinging instances

asked 2013-10-22 09:54:07 -0500

Anand gravatar image

updated 2013-10-24 01:00:23 -0500


I have installed single node openstack from devstack and booted two cirros machine instances. I am using OVS plugin for my work.

The instances are able to ping the outside world including public IP address as (facebook) and (google). However, when i ping from the host machine to the instances i get an error message ping: sendmsg: operation not permitted

The configuration is as follows:

Configuration of the router: Interface towards external bridge, br-ext, :

Interface towards integration bridge, br-int, :

I am able to ping the ip address and from the host machine.

Configuration of the Instances:

Instance #1 IP address:

Instance #2 IP address:

Default Security Group Rules:

Rule ALL TCMP and ALL ICMP Direction Ingress.

The machines are assigned fixed IP address from network and I am able to ping from the host machine.

According to route-n command The Gateway for an address in the network is

If anyone could help on this, i would really appreciate it. Thank you.

edit retag flag offensive close merge delete

1 answer

Sort by ยป oldest newest most voted

answered 2013-10-22 13:34:53 -0500

updated 2013-10-22 13:35:58 -0500

You should try adding new (Allow all) security group with TCP 1-65535 UDP 1-65535 ICMP -1 -1. Also take a look at nova.conf. Do you have

security_group_api = neutron
firewall_driver = nova.virt.firewall.NoopFirewallDriver
edit flag offensive delete link more


This is what i have in the nova.conf : security_group_api = neutron firewall_driver = nova.virt.libvirt.firewall.IptablesFirewallDriver Are there any changes that i need to make to nova.conf ? I created a new security group with the above mentioned changes but the problem still persists.

Anand gravatar imageAnand ( 2013-10-24 00:59:47 -0500 )edit

Security groups are implemented by both neutron and nova, so try to change firewall_driver to Noop to disable them in nova '' Quantum now has support for security groups. In the case that Quantum supports security groups then the nova configuration file should be updated to support this: [DEFAULT] security_group_api = quantum firewall_driver = nova.virt.firewall.NoopFirewallDriver ''

laboshinl gravatar imagelaboshinl ( 2013-10-24 01:24:17 -0500 )edit

Thank you :)

Anand gravatar imageAnand ( 2013-10-29 08:03:53 -0500 )edit

Get to know Ask OpenStack

Resources for moderators

Question Tools



Asked: 2013-10-22 09:54:07 -0500

Seen: 2,242 times

Last updated: Oct 24 '13