Iptables and nova-network's nova-network-snat are not working correctly

Hi, all.

There are Win7 and Linux VMs on the same compute node. All the Linux VMs can access the external network, but none of the Win7 VMs can!

The network configuration:
nova-network multi-host
Internal network interface: em3 promisc
flat bridge: br100
flat interface: em3
vm ip range: 20.0.0.0/22
public network interface: em1 ( 172.18.215.8 , this is the routing_source_ip )

I traced the iptables output. It looks like nova-network-snat failed; otherwise the output in kern.log should end with nat:nova-network-snat. I also noticed that IN= OUT=em1 PHYSIN=vnet0 ( linux ) and IN= OUT=br100 PHYSIN=vnet1 PHYSOUT=em3 ( win7 ) were different. But I don't understand why this happened or how I could fix it.

Thanks.

Commands:

modprobe ip_LOG  
iptables -t raw -A PREROUTING -s 20.0.0.5 -p icmp -j TRACE
iptables -t raw -A PREROUTING -s 20.0.0.2 -p icmp -j TRACE

20.0.0.5 is a Win7 VM and 20.0.0.2 is a Linux VM. Neither of them has a floating IP. I then pinged an external IP address and found the following in /var/log/kern.log:

( linux vm )

nat:nova-network-snat:rule:2 IN= OUT=em1 PHYSIN=vnet0 SRC=20.0.0.2 DST=222.200.160.2 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=5935 DF PROTO=ICMP TYPE=8 CODE=0 ID=41729 SEQ=0
( end of log )

( win7 vm )

nat:nova-network-snat:return:3 IN= OUT=br100 PHYSIN=vnet1 PHYSOUT=em3 SRC=20.0.0.5 DST=222.200.160.2 LEN=60 TOS=0x00 PREC=0x00 TTL=128 ID=312 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=10
nat:nova-postrouting-bottom:rule:3 IN= OUT=br100 PHYSIN=vnet1 PHYSOUT=em3 SRC=20.0.0.5 DST=222.200.160.2 LEN=60 TOS=0x00 PREC=0x00 TTL=128 ID=312 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=10  
nat:nova-api-metadat-snat:rule:1 IN= OUT=br100 PHYSIN=vnet1 PHYSOUT=em3 SRC=20.0.0.5 DST=222.200.160.2 LEN=60 TOS=0x00 PREC=0x00 TTL=128 ID=312 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=10
nat:nova-api-metadat-float-snat:return:1 IN= OUT=br100 PHYSIN=vnet1 PHYSOUT=em3 SRC=20.0.0.5 DST=222.200.160.2 LEN=60 TOS=0x00 PREC=0x00 TTL=128 ID=312 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=10
nat:nova-api-metadat-snat:return:2 IN= OUT=br100 PHYSIN=vnet1 PHYSOUT=em3 SRC=20.0.0.5 DST=222.200.160.2 LEN=60 TOS=0x00 PREC=0x00 TTL=128 ID=312 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=10
nat:nova-postrouting-bottom:return:4 IN= OUT=br100 PHYSIN=vnet1 PHYSOUT=em3 SRC=20.0.0.5 DST=222.200.160.2 LEN=60 TOS=0x00 PREC=0x00 TTL=128 ID=312 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=10
nat:POSTROUTING:policy:5 IN= OUT=br100 PHYSIN=vnet1 PHYSOUT=em3 SRC=20.0.0.5 DST=222.200.160.2 LEN=60 TOS=0x00 PREC=0x00 TTL=128 ID=312 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=10
( end of log )
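
Added example (not part of the original post, and not nova code): a small parser for TRACE lines in the format shown above that reports, per source address, the nat-table path, the egress interface fields, and whether traversal ended on a rule in the SNAT chain or fell through to the built-in policy. The function names, the `snat_chain` parameter and the abbreviated sample lines are assumptions made for this example.

```python
import re

# TRACE tags each hop "table:chain:kind:num": "rule" = that rule matched,
# "return" = end of a user chain, "policy" = built-in chain policy applied.
HOP = re.compile(r"(?P<table>\w+):(?P<chain>[\w-]+):"
                 r"(?P<kind>rule|return|policy):(?P<num>\d+)\s+(?P<fields>IN=.*)")

def parse_line(line):
    """Return one hop as a dict, or None if the line is not a TRACE hop."""
    m = HOP.search(line)  # search() tolerates a syslog timestamp/"TRACE:" prefix
    if not m:
        return None
    # KEY=VALUE tokens; bare flags (DF) are skipped, a repeated ID= keeps the last.
    fields = dict(t.split("=", 1) for t in m["fields"].split() if "=" in t)
    return {"table": m["table"], "chain": m["chain"], "kind": m["kind"],
            "num": int(m["num"]), "fields": fields}

def summarize(lines, snat_chain="nova-network-snat"):
    """Group nat-table hops by SRC (assumes one traced packet per source)."""
    flows = {}
    for line in lines:
        hop = parse_line(line)
        if hop and hop["table"] == "nat":
            flows.setdefault(hop["fields"].get("SRC"), []).append(hop)
    report = {}
    for src, hops in flows.items():
        last = hops[-1]
        report[src] = {
            "path": [f'{h["chain"]}:{h["kind"]}:{h["num"]}' for h in hops],
            "out": last["fields"].get("OUT"),
            "physout": last["fields"].get("PHYSOUT"),
            "ended_in_snat_rule": last["chain"] == snat_chain and last["kind"] == "rule",
            "ended_on_policy": last["kind"] == "policy",
        }
    return report

# Sample input: lines abbreviated from the kern.log excerpt in the post.
SAMPLE = [
    "nat:nova-network-snat:rule:2 IN= OUT=em1 PHYSIN=vnet0 SRC=20.0.0.2 DST=222.200.160.2 DF PROTO=ICMP",
    "nat:nova-network-snat:return:3 IN= OUT=br100 PHYSIN=vnet1 PHYSOUT=em3 SRC=20.0.0.5 DST=222.200.160.2 PROTO=ICMP",
    "nat:nova-postrouting-bottom:return:4 IN= OUT=br100 PHYSIN=vnet1 PHYSOUT=em3 SRC=20.0.0.5 DST=222.200.160.2 PROTO=ICMP",
    "nat:POSTROUTING:policy:5 IN= OUT=br100 PHYSIN=vnet1 PHYSOUT=em3 SRC=20.0.0.5 DST=222.200.160.2 PROTO=ICMP",
]

if __name__ == "__main__":
    for src, info in summarize(SAMPLE).items():
        print(src, info)
```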