Actually, I just reread your message, and it looks like you mean you were trying to reach the VM on the public IP when the VM was using a private floating IP. Ignore my previous comments, they were based on an incorrect reading of your email.
I have done double NAT with OpenStack before (with a load balancer using the public IP and a private IP as a floating IP), and it worked for most things but certain protocols failed. Ping shouldn't have an issue between 2 NAT layers, though. You might want to make sure that the NAT gateway is allowing inbound connections, and not just traffic initiated by the host behind the NAT gateway. -Dan Sneddon ----- Original Message ----- > If you have a NAT server that translates public IPs to private IPs, then it > is > always going to get the inbound traffic to the public IP. > > So, even if the public IPs are routable on the local network (are you sure > they > are?), you wouldn't be able to use those public IPs as long as the NAT server > is > listening for inbound traffic to those IPs. You might send traffic out, but > the > return traffic is going to go to the NAT server and not your VM. > > None of this has anything to do with OpenStack or private IPs, you just have > local routing issues. > > -Dan Sneddon > > ----- Original Message ----- > > Dear All, > > > > We get a pool of Public IPs which statically map to private IP addresses . > > If > > I assign any one of those private IP address to physical interface it is > > reachable from internet. > > > > In neutron setup I created the external network using the range of those > > private ip addresses and associate them as Floating IPs to the instances . > > > > When I ping/connect using the floating IPs (range from private IPs) it > > works > > , but when I use the assigned public IP it cannot ping/connect. > > > > > > Our setup: > > internet -> public ip -> natted-private-ip ->neutron-internal-ip->instance > > | | > > | | > > -- Natted (floating ips) -- > > > > Typical setup: > > internet -> public ip -> neutron-internal-ip->instance > > | | > > | | > > -- Natted (floating ips) -- > > > > Any hint ? > > > > -- > > > > Regards > > > > Zeeshan Ali Shah > > System Administrator - PDC HPC > > PhD researcher (IT security) > > Kungliga Tekniska Hogskolan > > +46 8 790 9115 > > http://www.pdc.kth.se/members/zashah > > > > _______________________________________________ > > OpenStack-operators mailing list > > [email protected] > > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > > > _______________________________________________ OpenStack-operators mailing list [email protected] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
