Need OpenStack VMs to Talk to Internet

asked 2015-04-09 20:45:03 -0600

fatk1d gravatar image

Thanks to the user known as "dbaxps", I was able to get the VMs that I created in OpenStack (through Devstack all-in-one installation) to talk to other computers on my private LAN.

The VMs that I spin up have their private IPs in the 10.10.10.X range and their floating IPs are in the 172.16.5.x range. The host OS has his private network on the 192.168.1.X range. So, none of the OpenStack networks overlap with the network that I have on my host computer. From what I've read, this is a configuration requirement.

The default gateway on my 192.168.1.X network is which goes out to the Internet through NAT taking place on an NVG589 residential gateway. The problem is that packets from the 172.16.5.X network reach the residential gateway without issue, they just aren't undergoing NAT at the NVG589 residential gateway. The NVG589 residential gateway is only set up to NAT IP's in the 192.168.1.X network.

I've looked for ways to tell the NVG589 to NAT an additional address space but there doesn't seem to be anyway of doing this. Anyone have any ideas as to how to make this work without putting the NVG589 in a bridge/pass-thru mode and getting a network appliance that CAN NAT more than one address space? I realize that I may be over looking something obvious here but I'm not a networking guru. Suggestions would be appreciated.

edit retag flag offensive close merge delete


Possible that your DNS isn't setup. Can you verify your DNS servers on your VM? Typically you can find those in /etc/resolv.conf

ethode gravatar imageethode ( 2015-04-09 21:14:19 -0600 )edit

Thanks for the suggestion but I had already come across that issue and was able to resolve it before I ran into this one. Great suggestion, though!

fatk1d gravatar imagefatk1d ( 2015-04-10 07:26:43 -0600 )edit

1 answer

Sort by ยป oldest newest most voted

answered 2015-04-10 03:36:55 -0600

dbaxps gravatar image

updated 2015-04-10 03:44:16 -0600

  1. Run on devstack node :-

    # iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

This will result packets been sent from devstack pubic subnet to hide theirs source IP from your router

  1. Update private subnet 10.10.10.X with real IP of DNS server of your ISP
edit flag offensive delete link more


You are a machine. :) Solved the problem! Thanks again for your help. I managed to remember to update the with the real IP of the DNS server so that much I had gotten right. :)

fatk1d gravatar imagefatk1d ( 2015-04-10 07:35:49 -0600 )edit

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower


Asked: 2015-04-09 20:45:03 -0600

Seen: 467 times

Last updated: Apr 10 '15