
floating ip allocation and iptables

asked 2016-07-19 03:28:15 -0500

openstackstarter

updated 2016-07-19 03:30:05 -0500

I deployed a 3-node architecture, following the OpenStack Guide: Mitaka for Ubuntu. I launched an instance successfully and allocated fixed and floating IPs with no problem, but my network is not working (the instance does not have access to the external network). The question is: after allocating a floating IP to an instance, shouldn't a NAT rule be added to iptables on the network node automatically by OpenStack? Is there anything wrong with my iptables?

I didn't add any rule manually, just to be careful. I will provide any more info needed.

Here's the network node's iptables info.

network-node@network-node:~$ sudo iptables -t nat -L

Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         
neutron-openvswi-PREROUTING  all  --  anywhere             anywhere            

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
neutron-openvswi-OUTPUT  all  --  anywhere             anywhere            

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
neutron-openvswi-POSTROUTING  all  --  anywhere             anywhere            
neutron-postrouting-bottom  all  --  anywhere             anywhere            

Chain neutron-openvswi-OUTPUT (1 references)
target     prot opt source               destination         

Chain neutron-openvswi-POSTROUTING (1 references)
target     prot opt source               destination         

Chain neutron-openvswi-PREROUTING (1 references)
target     prot opt source               destination         

Chain neutron-openvswi-float-snat (1 references)
target     prot opt source               destination         

Chain neutron-openvswi-snat (1 references)
target     prot opt source               destination         
neutron-openvswi-float-snat  all  --  anywhere             anywhere            

Chain neutron-postrouting-bottom (1 references)
target     prot opt source               destination         
neutron-openvswi-snat  all  --  anywhere             anywhere             /* Perform source NAT on outgoing traffic. */

2 answers


answered 2016-07-20 09:10:56 -0500

rlpple

Before getting into it too deep:

Did you clear your security rules and create new ones for the tenant for what you want? I find that the defaults seem to block everything, and clearing them and creating specific ingress and egress rules works best.


answered 2016-07-19 07:37:09 -0500

OpenStack automatically handles the iptables rules on the network node. No manual entries are needed for proper operation. I suspect your external bridge configuration (br-ex) is not correct.


Comments

Could you tell me what files I should be looking at to check where the br-ex configuration is wrong?

openstackstarter (2016-07-24 23:38:55 -0500)
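
The following is an added example, not code from the thread or from OpenStack: a check that a floating IP has both of its NAT rules (inbound DNAT and outbound SNAT), run over `iptables -t nat -S` output. It assumes a Neutron L3 agent that programs floating-IP NAT inside the router's `qrouter-<router-id>` network namespace, in chains prefixed `neutron-l3-agent-`, whereas the listing in the question shows only the `neutron-openvswi-` chains of the node's root namespace. The function name, the sample rule sets and the addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example. Live use (assumes the router namespace is qrouter-<router-id>):
#   sudo ip netns exec qrouter-<router-id> iptables -t nat -S | check_fip_nat <floating-ip>

# check_fip_nat FLOATING_IP  (rules in `iptables -t nat -S` form on stdin)
# Prints the fixed IP and returns 0 when both halves of the 1:1 NAT exist:
#   inbound   -d FLOATING_IP/32 -j DNAT --to-destination FIXED_IP
#   outbound  -s FIXED_IP/32    -j SNAT --to-source FLOATING_IP
# Returns 1 if the DNAT is missing, 2 if the DNAT exists without its SNAT.
check_fip_nat() {
    awk -v fip="$1" '
        {
            dst = src = todst = tosrc = jump = ""
            for (i = 1; i < NF; i++) {
                if ($i == "-d") dst = $(i + 1)
                else if ($i == "-s") src = $(i + 1)
                else if ($i == "-j") jump = $(i + 1)
                else if ($i == "--to-destination") todst = $(i + 1)
                else if ($i == "--to-source") tosrc = $(i + 1)
            }
            sub(/\/32$/, "", dst); sub(/\/32$/, "", src)
            if (jump == "DNAT" && dst == fip && $2 ~ /PREROUTING$/) fixed = todst
            if (jump == "SNAT" && tosrc == fip && src != "") snat[src] = 1
        }
        END {
            if (fixed == "") exit 1
            if (!(fixed in snat)) exit 2
            print fixed
        }'
}

# Constructed sample: router namespace with one floating IP (documentation addresses).
sample_router_ns() {
    cat <<'EOF'
-N neutron-l3-agent-PREROUTING
-N neutron-l3-agent-float-snat
-A PREROUTING -j neutron-l3-agent-PREROUTING
-A neutron-l3-agent-PREROUTING -d 203.0.113.25/32 -j DNAT --to-destination 10.0.0.5
-A neutron-l3-agent-float-snat -s 10.0.0.5/32 -j SNAT --to-source 203.0.113.25
EOF
}

# Constructed sample: the same shape as the listing in the question (no NAT targets).
sample_root_ns() {
    cat <<'EOF'
-A PREROUTING -j neutron-openvswi-PREROUTING
-A POSTROUTING -j neutron-postrouting-bottom
-A neutron-openvswi-snat -j neutron-openvswi-float-snat
-A neutron-postrouting-bottom -j neutron-openvswi-snat
EOF
}
```

A return code of 2 (DNAT present, SNAT missing) means inbound connections are translated while the instance's outbound traffic leaves with a different source address, which is worth distinguishing from "no rules at all" when reviewing what a floating IP actually exposes.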

Stats

Asked: 2016-07-19 03:28:15 -0500

Seen: 366 times

Last updated: Jul 19 '16