Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

Cannot establish full TCP connection from instance without default security group

Hi,

I don't want instance to be in default security group. When I create my own security group in my project I'm not able to wget some http page. Even though I have all egress communication allowed. For e.g.:

# wget google.com
--2016-03-04 13:56:44--  http://google.com/
Resolving google.com (google.com)... 216.58.214.206, 2a00:1450:400d:802::200e
Connecting to google.com (google.com)|2a00:1450:400d:802::200e|:80... failed: Network is unreachable.

Both ping and DNS resolving are OK.

Security group look like this: Screenshot

OpenStack version Kilo.

Cannot establish full TCP connection from instance without default security group

Hi,

I don't want instance to be in default security group. When I create my own security group in my project I'm not able to wget some http page. Even though I have all egress communication allowed. For e.g.:

# wget google.com
--2016-03-04 13:56:44--  http://google.com/
Resolving google.com (google.com)... 216.58.214.206, 2a00:1450:400d:802::200e
Connecting to google.com (google.com)|2a00:1450:400d:802::200e|:80... failed: Network is unreachable.

Both ping and DNS resolving are OK.

Security group look like this: Screenshotsecurity group screenshot

OpenStack version Kilo.

Cannot establish full TCP connection from instance without default security group

Hi,

I don't want instance to be in default security group. When I create my own security group in my project I'm not able to wget some http page. Even though I have all egress communication allowed. There is no floating IP associated to the instance. For e.g.:

# wget google.com
--2016-03-04 13:56:44--  http://google.com/
Resolving google.com (google.com)... 216.58.214.206, 2a00:1450:400d:802::200e
Connecting to google.com (google.com)|2a00:1450:400d:802::200e|:80... failed: Network is unreachable.

Both ping and DNS resolving are OK.

Security group look like this: security group screenshot

OpenStack version Kilo.

Instance with default security group is able to wget without any problems.

Cannot establish full TCP connection from instance without default security group

Hi,

I don't want instance to be in default security group. When I create my own security group in my project I'm not able to wget some http page. Even though I have all egress communication allowed. There is no floating IP associated to the instance. For e.g.:

# wget google.com
--2016-03-04 13:56:44--  http://google.com/
Resolving google.com (google.com)... 216.58.214.206, 2a00:1450:400d:802::200e
Connecting to google.com (google.com)|2a00:1450:400d:802::200e|:80... failed: Network is unreachable.

Both ping and DNS resolving are OK.

Security group look like this: security group screenshot

OpenStack version Kilo.

Instance Another instance with default security group is able to wget without any problems.

Cannot establish full TCP connection from instance without default security group

Hi,

I don't want instance to be in default security group. When I create my own security group in my project I'm not able to wget some http page. Even though I have all egress communication allowed. There is no floating IP associated to the instance. For e.g.:

# wget google.com
--2016-03-04 13:56:44--  http://google.com/
Resolving google.com (google.com)... 216.58.214.206, 2a00:1450:400d:802::200e
Connecting to google.com (google.com)|2a00:1450:400d:802::200e|:80... failed: Network is unreachable.

Both ping and DNS resolving are OK.

Security group look like this: security group screenshot

+-----------+----------+------------------+------------------------------+
| direction | protocol | remote_ip_prefix | remote_group                 |
+-----------+----------+------------------+------------------------------+
| egress    | any      | 0.0.0.0/0        |                              |
| ingress   | tcp      | 0.0.0.0/0        |                              |
| ingress   | icmp     | 0.0.0.0/0        |                              |
| ingress   | any      |                  | without-default-total-egress |
| ingress   | any      |                  | without-default-total-egress |
+-----------+----------+------------------+------------------------------+

OpenStack version Kilo.

Another instance with default security group is able to wget without any problems.

Cannot establish full TCP connection from instance without default security group

Hi,

I don't want instance to be in default security group. When I create my own security group in my project I'm not able to wget some http page. Even though I have all egress communication allowed. There is no floating IP associated to the instance. For e.g.:

# wget google.com
--2016-03-04 13:56:44--  http://google.com/
Resolving google.com (google.com)... 216.58.214.206, 2a00:1450:400d:802::200e
Connecting to google.com (google.com)|2a00:1450:400d:802::200e|:80... failed: Network is unreachable.

Both ping and DNS resolving are OK.

Security group look like this: security group screenshot

+-----------+----------+------------------+------------------------------+
| direction | protocol | remote_ip_prefix | remote_group                 |
+-----------+----------+------------------+------------------------------+
| egress    | any      | 0.0.0.0/0        |                              |
| ingress   | tcp      | 0.0.0.0/0        |                              |
| ingress   | icmp     | 0.0.0.0/0        |                              |
| ingress   | any      |                  | without-default-total-egress |
| ingress   | any      |                  | without-default-total-egress |
+-----------+----------+------------------+------------------------------+

OpenStack version version: Kilo.. OpenContrail version: 2.21

Another instance with default security group is able to wget without any problems.

Cannot establish full TCP connection from instance without default security group

Hi,

I don't want instance to be in default security group. When I create my own security group in my project I'm not able to wget some http page. Even though I have all egress communication allowed. There is no floating IP associated to the instance. For e.g.:

# wget google.com
--2016-03-04 13:56:44--  http://google.com/
Resolving google.com (google.com)... 216.58.214.206, 2a00:1450:400d:802::200e
Connecting to google.com (google.com)|2a00:1450:400d:802::200e|:80... failed: Network is unreachable.

Both ping and DNS resolving are OK.

Security group look like this: security group screenshot

+-----------+----------+------------------+------------------------------+
| direction | protocol | remote_ip_prefix | remote_group                 |
+-----------+----------+------------------+------------------------------+
| egress    | any      | 0.0.0.0/0        |                              |
| ingress   | tcp      | 0.0.0.0/0        |                              |
| ingress   | icmp     | 0.0.0.0/0        |                              |
| ingress   | any      |                  | without-default-total-egress |
| ingress   | any      |                  | without-default-total-egress |
+-----------+----------+------------------+------------------------------+

  • OpenStack version: Kilo. .
  • OpenContrail version: 2.21

Another instance with default security group is able to wget without any problems.

Cannot establish full TCP connection from instance without default security group

Hi,

I don't want instance to be in default security group. When I create my own security group in my project I'm not able to wget some http page. Even though I have all egress communication allowed. There is no floating IP associated to the instance. For e.g.:

# wget google.com
--2016-03-04 13:56:44--  http://google.com/
Resolving google.com (google.com)... 216.58.214.206, 2a00:1450:400d:802::200e
Connecting to google.com (google.com)|2a00:1450:400d:802::200e|:80... failed: Network is unreachable.

Both ping and DNS resolving are OK.

Security group look like this: security group screenshot

+-----------+----------+------------------+------------------------------+
| direction | protocol | remote_ip_prefix | remote_group                 |
+-----------+----------+------------------+------------------------------+
| egress    | any      | 0.0.0.0/0        |                              |
| ingress   | tcp      | 0.0.0.0/0        |                              |
| ingress   | icmp     | 0.0.0.0/0        |                              |
| ingress   | any      |                  | without-default-total-egress |
| ingress   | any      |                  | without-default-total-egress |
+-----------+----------+------------------+------------------------------+
  • OpenStack version: Kilo.
  • OpenContrail version: 2.21

Another instance with default security group is able to wget without any problems.

Cannot establish full TCP connection from instance without default security group

Hi,

I don't want instance to be in default security group. When I create my own security group in my project I'm not able to wget some http page. Even though I have all egress communication allowed. There is no floating IP associated to the instance. For e.g.:

# wget google.com
--2016-03-04 13:56:44--  http://google.com/
Resolving google.com (google.com)... 216.58.214.206, 2a00:1450:400d:802::200e
Connecting to google.com (google.com)|2a00:1450:400d:802::200e|:80... failed: Network is unreachable.

Both ping and DNS resolving are OK.

Security group look like this: security group screenshot

+-----------+----------+------------------+------------------------------+
| direction | protocol | remote_ip_prefix | remote_group                 |
+-----------+----------+------------------+------------------------------+
| egress    | any      | 0.0.0.0/0        |                              |
| ingress   | tcp      | 0.0.0.0/0        |                              |
| ingress   | icmp     | 0.0.0.0/0        |                              |
| ingress   | any      |                  | without-default-total-egress |
| ingress   | any      |                  | without-default-total-egress |
+-----------+----------+------------------+------------------------------+
  • OpenStack version: Kilo.
  • OpenContrail version: 2.21

Another instance with default security group is able to wget without any problems.