Hi OpenStack experts,

I am from Verizon. I have installed the OpenStack (devstack) master branch in an all-in-one machine configuration on Ubuntu 14.04 LTS. I am creating a VM which needs to work as a router (firewall and NAT), and it will have 2 interfaces, LAN and WAN. This router VM will provide the firewall and NAT services to my client VMs/client hosts. LAN interface was using br-mgmt adapter ( and WAN interface was using net0 adaptor (

I have used the OpenWrt VM. The VM router came up with LAN IP as and WAN IP as Inside the VM, there is a routing entry with as default gateway, because WAN is pointing to the LAN interface of the OpenStack external router which connects the machine to the outside world. Inside the VM I am able to access the But I want to ping the WAN IP from the Ubuntu host machine, so that I can route the client packets to my router VM. I also added a routing entry on the Ubuntu machine to route destined packets to the br-mgmt0 interface. When I ping WAN IP ( from the Ubuntu machine, the ICMP packets are coming to eth0 (LAN) on the router VM. I verified this by running tcpdump. But the router VM is not generating an ICMP reply. Then I disabled the firewall in the router VM and even then it is not working. Then I ran the commands to masquerade to the WAN (eth1) interface. Even then it is not working.

Then I thought that it may be due to some issue in OpenWrt, so I tried bringing up an Ubuntu vmdk as the router VM as an OpenStack instance. Then I set the ip_forward flag to 1 to make the Ubuntu VM a router. The Ubuntu VM has a routing entry with as default gateway. When I ping WAN IP ( from the Ubuntu machine, the ICMP packets are coming to eth0 (LAN) on the Ubuntu router VM. It is also generating an ICMP reply inside the VM, but the ICMP replies are not coming out of LAN (eth0) or WAN (eth1). So the Ubuntu machine is not seeing the ICMP reply packets. Then I did the masquerade as well in the Ubuntu VM and it is still not working.

I am really not sure whether the OpenStack firewall entries in the Ubuntu machine's iptables are blocking, or something else, or I am making some mistake. Can somebody provide some suggestions to make this work? If this works, I thought of pointing my client VM or client hosts to the router VM's LAN IP, so that it can apply the firewall and NAT service for these clients.

Hi, Did you ever get to the bottom of this? I tried to do the same thing today and appear to have run into the same problem.

chris.walker (2017-11-22 05:33:05 -0500)

I have exactly the same issue. I encountered this several times with different setups. No solution found so far.

Severin (2018-01-05 13:44:38 -0500)