VM Can Ping Internet With No Floating IP

asked 2013-12-16 03:08:19 -0500

gilank

Hi all, I have this strange condition: the VM can ping the internet once I set the gateway on the router. The gateway here is my local IP that can be used for the internet. I figured out that the VM gets the router IP.

Here are the iptables rules on the router (neutron) before and after setting the gateway.

Before:

-A PREROUTING -j neutron-l3-agent-PREROUTING
-A OUTPUT -j neutron-l3-agent-OUTPUT
-A POSTROUTING -j neutron-l3-agent-POSTROUTING
-A POSTROUTING -j neutron-postrouting-bottom
-A neutron-l3-agent-PREROUTING -d 169.254.169.254/32 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 9696
-A neutron-l3-agent-snat -j neutron-l3-agent-float-snat
-A neutron-postrouting-bottom -j neutron-l3-agent-snat

After:

-A PREROUTING -j neutron-l3-agent-PREROUTING
-A OUTPUT -j neutron-l3-agent-OUTPUT
-A POSTROUTING -j neutron-l3-agent-POSTROUTING
-A POSTROUTING -j neutron-postrouting-bottom
-A neutron-l3-agent-POSTROUTING ! -i qg-36d2c33f-78 ! -o qg-36d2c33f-78 -m conntrack ! --ctstate DNAT -j ACCEPT
-A neutron-l3-agent-PREROUTING -d 169.254.169.254/32 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 9696
-A neutron-l3-agent-snat -j neutron-l3-agent-float-snat
-A neutron-l3-agent-snat -s 10.10.1.0/24 -j SNAT --to-source 192.168.7.40
-A neutron-postrouting-bottom -j neutron-l3-agent-snat

Please help here.

Thanks


1 answer


answered 2014-04-02 19:17:23 -0500

larsks

I realize that this is an older question, but for what it's worth:

Connecting a router to an external network will give instances connected to that router outbound access via SNAT (source NAT) on the router. That is, outbound connections will all appear to originate with the router's IP address. You can control this behavior through the external network's enable_snat attribute, as discussed here.

You must explicitly assign floating IP addresses if you want inbound access.

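An added example (not part of the original thread and not Neutron's own code): the question's two rule dumps diffed in Python to isolate what changed when the gateway was set, and to pick out the SNAT rule whose source is the whole 10.10.1.0/24 subnet, which is the outbound NAT the answer describes. The function names are hypothetical; the rule text is copied from the question.

```python
import ipaddress
import shlex

# nat-table rules copied verbatim from the question (router before/after gateway set).
BEFORE = """\
-A PREROUTING -j neutron-l3-agent-PREROUTING
-A OUTPUT -j neutron-l3-agent-OUTPUT
-A POSTROUTING -j neutron-l3-agent-POSTROUTING
-A POSTROUTING -j neutron-postrouting-bottom
-A neutron-l3-agent-PREROUTING -d 169.254.169.254/32 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 9696
-A neutron-l3-agent-snat -j neutron-l3-agent-float-snat
-A neutron-postrouting-bottom -j neutron-l3-agent-snat
"""
AFTER = BEFORE + """\
-A neutron-l3-agent-POSTROUTING ! -i qg-36d2c33f-78 ! -o qg-36d2c33f-78 -m conntrack ! --ctstate DNAT -j ACCEPT
-A neutron-l3-agent-snat -s 10.10.1.0/24 -j SNAT --to-source 192.168.7.40
"""  # same rule set as the question's "After" dump; order is irrelevant to the diff

def parse_rule(line):
    """Extract chain, source network, jump target and SNAT address from one -A rule."""
    tok = shlex.split(line)
    rule = {"chain": tok[1], "source": None, "target": None, "to_source": None}
    for flag, value in zip(tok, tok[1:]):
        if flag == "-s":
            rule["source"] = ipaddress.ip_network(value, strict=False)
        elif flag == "-j":
            rule["target"] = value
        elif flag == "--to-source":
            rule["to_source"] = value
    return rule

def added_rules(before, after):
    """Rules present in `after` but not in `before`, parsed."""
    old = {l.strip() for l in before.splitlines() if l.strip()}
    return [parse_rule(l) for l in after.splitlines() if l.strip() and l.strip() not in old]

def subnet_snat(rules):
    """SNAT rules whose source covers more than one address: router-wide outbound NAT."""
    return [(str(r["source"]), r["to_source"]) for r in rules
            if r["target"] == "SNAT" and r["source"] is not None
            and r["source"].num_addresses > 1]

if __name__ == "__main__":
    for src, gw in subnet_snat(added_rules(BEFORE, AFTER)):
        print(f"instances in {src} leave the router as {gw} (no floating IP involved)")
```

Run against a router's nat rules, a non-empty result means every instance on that subnet has outbound access through the router's address, which is the behavior the answer says enable_snat controls.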


Stats

Asked: 2013-12-16 03:08:19 -0500

Seen: 299 times

Last updated: Apr 02 '14