Ask Your Question

Accessing the VM from internet

asked 2015-05-08 19:06:33 -0600

Vivek gravatar image

Hello All,

In my single node setup (Openstack JUNO on CENTOS 6.5 running with neutron-ovs for networking) which is functional, I am able to reach the internet from the virtual-machine using floating-ip and everything seems to be working fine.

But I want to access the VM from the outside network and I tried testing that by pinging the floating-ip and I see that the reachability is not there. So what I would like to know is

  1. Is this a expected behaviour and do I need to turn on something else ?
  2. Am I missing something , in which case what are the common things I can look for ?

Regards, Vivek

edit retag flag offensive close merge delete


Please post ifconfig && ovsvsctl show and description or create statement for your external network

dbaxps gravatar imagedbaxps ( 2015-05-09 00:34:10 -0600 )edit

Make sure your default security group allows inbound traffic.

Tobias Urdin gravatar imageTobias Urdin ( 2015-05-10 15:09:08 -0600 )edit

3 answers

Sort by ยป oldest newest most voted

answered 2015-05-09 14:32:45 -0600

YanivZadka2 gravatar image

Try opening ports on your default security group (or any other security group this instance assigned to): nova secgroup-add-rule default icmp -1 -1 nova secgroup-add-rule default tcp 22 22

edit flag offensive delete link more

answered 2015-05-10 06:23:06 -0600

Vivek gravatar image

First of all thanks for both the replies.

@ sunnyarora : I have already enabled forwarding in linux kernel and everything else (other traffic flows like inter-vm, vm to internet ) are working fine.

@ YanivZadka2: Does adding a nova sec group rule gonna make any difference here ? Since I am using JUNO with neutron does having a nova network (this sec rule for instance) configuration has any effect ?

edit flag offensive delete link more


The config guide have a section about pinging the floating IP default GW: "the tenant router gateway should occupy the lowest IP address in the floating IP address range" if you can't ping it there's an issue you need to solve first. If not open the ports in the sec group - it is applied by default

YanivZadka2 gravatar imageYanivZadka2 ( 2015-05-10 17:07:35 -0600 )edit

answered 2015-05-08 19:59:03 -0600

sunnyarora gravatar image

updated 2015-05-11 02:13:03 -0600

Yes this can be the expected behaviour in case your Iptables on compute nodes are not properly set so that the IP should get the correct response. Can you please check is ip forwarding enabled on the compute node ? also run below command on the compute node.This worked in my case. sysctl -p

edit flag offensive delete link more

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower


Asked: 2015-05-08 19:06:33 -0600

Seen: 280 times

Last updated: May 11 '15