Can access from floating ip but can't access from internal ip

asked 2016-03-16 03:15:41 -0500

winggundamth

I successfully deployed with OpenStack Ansible. Our company needs the internal network in the office to be able to access the internal IP addresses that are directly assigned to instances. So I need to use VLAN for both the internal and external networks, then configure a static route on the Neutron router to use the VPN gateway as the destination when traffic goes to the office's network.

Let's say 10.10.10.0/24 is floating network, 10.10.25.0/24 is internal network and 192.168.1.0/24 is office network.

  • From the office network, I can ping the instance on both the internal and floating IP.
  • From the office network, I can SSH to the instance via the floating IP.
  • From the office network, I CAN NOT SSH to the instance via the internal IP.
  • Each instance can SSH to each other.

I tried to install Nginx on the instances. The behaviour is the same as with SSH. I'm sure that I allow everything in the security group.

I tried telnet. It seems to connect, but something is wrong with it:

# This is wrong
$ telnet 10.10.25.27 22
Trying 10.10.25.27...
Connected to 10.10.25.27.
Escape character is '^]'.

# What it should be
$ telnet 10.10.10.7 22
Trying 10.10.10.7...
Connected to 10.10.10.7.
Escape character is '^]'.
SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.6

I'm running tcpdump on both the source and the destination. Please see the result below:

# tcpdump from instance
14:13:23.123966 IP 10.10.10.77.49938 > 10.10.25.27.http: Flags [S], seq 1126915206, win 29200, options [mss 1460,sackOK,TS val 3239613 ecr 0,nop,wscale 7], length 0
14:13:23.127126 IP 10.10.25.27.http > 10.10.10.77.49938: Flags [S.], seq 3456905262, ack 1126915207, win 27960, options [mss 1410,sackOK,TS val 707000 ecr 3239613,nop,wscale 6], length 0
14:13:23.127155 IP 10.10.10.77.49938 > 10.10.25.27.http: Flags [.], ack 1, win 229, options [nop,nop,TS val 3239614 ecr 707000], length 0
14:13:23.127237 IP 10.10.10.77.49938 > 10.10.25.27.http: Flags [P.], seq 1:290, ack 1, win 229, options [nop,nop,TS val 3239614 ecr 707000], length 289: HTTP: GET / HTTP/1.1
14:13:23.329487 IP 10.10.10.77.49938 > 10.10.25.27.http: Flags [P.], seq 1:290, ack 1, win 229, options [nop,nop,TS val 3239665 ecr 707000], length 289: HTTP: GET / HTTP/1.1
14:13:23.533496 IP 10.10.10.77.49938 > 10.10.25.27.http: Flags [P.], seq 1:290, ack 1, win 229, options [nop,nop,TS val 3239716 ecr 707000], length 289: HTTP: GET / HTTP/1.1
14:13:23.941484 IP 10.10.10.77.49938 > 10.10.25.27.http: Flags [P.], seq 1:290, ack 1, win 229, options [nop,nop,TS val 3239818 ecr 707000], length 289: HTTP: GET / HTTP/1.1
14:13:24.525014 IP 10 ...

1 answer


answered 2016-03-17 08:00:37 -0500

winggundamth

I can solve my problem now. I have to add the route at the office router. It needs to route directly to Neutron, not go to the default gateway, and then everything is solved.

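The symptom visible in the question's capture (the handshake completes, then the client's first data segment is retransmitted with no acknowledgement from the server) can be checked mechanically over tcpdump text output. The following Python is an added example, not part of the original question or answer; `stalled_flows` and `LINE` are names introduced here, and `CAPTURE` holds the first seven complete lines posted in the question.

```python
import re
from collections import defaultdict

# First seven complete lines of the capture posted in the question.
CAPTURE = """\
14:13:23.123966 IP 10.10.10.77.49938 > 10.10.25.27.http: Flags [S], seq 1126915206, win 29200, options [mss 1460,sackOK,TS val 3239613 ecr 0,nop,wscale 7], length 0
14:13:23.127126 IP 10.10.25.27.http > 10.10.10.77.49938: Flags [S.], seq 3456905262, ack 1126915207, win 27960, options [mss 1410,sackOK,TS val 707000 ecr 3239613,nop,wscale 6], length 0
14:13:23.127155 IP 10.10.10.77.49938 > 10.10.25.27.http: Flags [.], ack 1, win 229, options [nop,nop,TS val 3239614 ecr 707000], length 0
14:13:23.127237 IP 10.10.10.77.49938 > 10.10.25.27.http: Flags [P.], seq 1:290, ack 1, win 229, options [nop,nop,TS val 3239614 ecr 707000], length 289: HTTP: GET / HTTP/1.1
14:13:23.329487 IP 10.10.10.77.49938 > 10.10.25.27.http: Flags [P.], seq 1:290, ack 1, win 229, options [nop,nop,TS val 3239665 ecr 707000], length 289: HTTP: GET / HTTP/1.1
14:13:23.533496 IP 10.10.10.77.49938 > 10.10.25.27.http: Flags [P.], seq 1:290, ack 1, win 229, options [nop,nop,TS val 3239716 ecr 707000], length 289: HTTP: GET / HTTP/1.1
14:13:23.941484 IP 10.10.10.77.49938 > 10.10.25.27.http: Flags [P.], seq 1:290, ack 1, win 229, options [nop,nop,TS val 3239818 ecr 707000], length 289: HTTP: GET / HTTP/1.1
"""

# Parses the fields of tcpdump's default text output that the check needs.
LINE = re.compile(
    r"IP (?P<src>\S+) > (?P<dst>\S+): Flags \[(?P<flags>[^\]]+)\]"
    r"(?:, seq (?P<seq>\d+)(?::(?P<end>\d+))?)?(?:, ack (?P<ack>\d+))?"
)

def stalled_flows(capture_text):
    """Return data segments sent more than once after a completed handshake
    that the peer never acknowledged anywhere in the capture."""
    syn, synack = set(), set()
    sent = defaultdict(int)   # (src, dst, seq, end) -> times seen
    acked = defaultdict(int)  # (src, dst) -> highest relative ack src sent to dst
    for line in capture_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        src, dst, flags = m["src"], m["dst"], m["flags"]
        if "S" in flags:
            # SYN and SYN-ACK carry absolute sequence numbers; only record them.
            (synack if "." in flags else syn).add((src, dst))
            continue
        if m["ack"]:
            acked[(src, dst)] = max(acked[(src, dst)], int(m["ack"]))
        if m["end"]:
            sent[(src, dst, int(m["seq"]), int(m["end"]))] += 1
    findings = []
    for (src, dst, seq, end), count in sent.items():
        handshake_done = (src, dst) in syn and (dst, src) in synack
        if handshake_done and count > 1 and acked[(dst, src)] < end:
            findings.append({"client": src, "server": dst,
                             "segment": (seq, end), "transmissions": count})
    return findings

if __name__ == "__main__":
    for finding in stalled_flows(CAPTURE):
        print(finding)
```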
