No access between provider and tenant networks


I've installed OpenStack in a controller/compute two-node structure according to Emilien Macchi's Folsom install guide ( and later changed the configuration to use namespaces. Most things seem fine, except that from a computer on the external network I'm unable to ping either the router's external network interface on the controller node or the floating IP that should lead me to the VMs on the internal (tenant) network. The same holds true in the opposite direction: VMs cannot ping any computers on the external (provider) network.

On the controller node I have eth0 bridged to the external network: br-ex has IP address and eth0 has no IP. My virtual router's interface on this network is and the provider network gateway is There's also a floating IP configured as, connecting to a VM out of

From another computer I can ping (br-ex), but not the floating IP or the router's gateway interface ( Secgroup rules have been added but didn't help.

From the controller node itself, I can ping any of these external network addresses when I don't use a namespace name. When I'm in the qrouter- namespace, I can ping all IP addresses that belong to the controller's external network as well, but cannot access any other computer in the external network. Also, I can ping VMs if I'm in the dhcp- namespace.

From a VM's perspective, I can ping any IP address on the controller external network (.224, .225 and .226), but nothing on another host (the external network gateway, for instance). VMs can ping each other.

I've pasted quite a lot of output about my setup here so that I could be as clear as possible:

If anyone could help me on this issue I would be grateful. I've spent an awful lot of time for the past several days trying to figure out what could be wrong with this interconnection problem, but couldn't find anything that would solve it. Any direction on this matter will be much appreciated. Thanks.