Hello everyone,

I have this problem: VMs can connect to the internet but cannot receive traffic when I assign them a floating IP. These are the iptables rules created by nova-network:

-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-N nova-api-OUTPUT
-N nova-api-POSTROUTING
-N nova-api-PREROUTING
-N nova-api-float-snat
-N nova-api-snat
-N nova-compute-OUTPUT
-N nova-compute-POSTROUTING
-N nova-compute-PREROUTING
-N nova-compute-float-snat
-N nova-compute-snat
-N nova-network-OUTPUT
-N nova-network-POSTROUTING
-N nova-network-PREROUTING
-N nova-network-float-snat
-N nova-network-snat
-N nova-postrouting-bottom
-A PREROUTING -j nova-network-PREROUTING
-A PREROUTING -j nova-compute-PREROUTING
-A PREROUTING -j nova-api-PREROUTING
-A OUTPUT -j nova-network-OUTPUT
-A OUTPUT -j nova-compute-OUTPUT
-A OUTPUT -j nova-api-OUTPUT
-A POSTROUTING -j nova-network-POSTROUTING
-A POSTROUTING -j nova-compute-POSTROUTING
-A POSTROUTING -j nova-api-POSTROUTING
-A POSTROUTING -j nova-postrouting-bottom
-A nova-api-snat -j nova-api-float-snat
-A nova-compute-snat -j nova-compute-float-snat
-A nova-network-OUTPUT -d MY_FLOATING_IP/32 -j DNAT --to-destination 192.168.4.2
-A nova-network-POSTROUTING -s 192.168.4.0/24 -d MY_PUBLIC_IP/32 -j ACCEPT
-A nova-network-POSTROUTING -s 192.168.4.0/24 -d 10.128.0.0/24 -j ACCEPT
-A nova-network-POSTROUTING -s 192.168.4.0/24 -d 192.168.4.0/24 -m conntrack ! --ctstate DNAT -j ACCEPT
-A nova-network-PREROUTING -d 169.254.169.254/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination MY_PUBLIC_IP:8775
-A nova-network-PREROUTING -d MY_FLOATING_IP/32 -j DNAT --to-destination 192.168.4.2
-A nova-network-float-snat -s 192.168.4.2/32 -j SNAT --to-source MY_FLOATING_IP
-A nova-network-snat -j nova-network-float-snat
-A nova-network-snat -s 192.168.4.0/24 -j SNAT --to-source MY_PUBLIC_IP
-A nova-postrouting-bottom -j nova-network-snat
-A nova-postrouting-bottom -j nova-compute-snat
-A nova-postrouting-bottom -j nova-api-snat

and this is my nova.conf:

--dhcpbridge_flagfile=/etc/nova/nova.conf
--dhcpbridge=/usr/bin/nova-dhcpbridge
--logdir=/var/log/nova
--state_path=/var/lib/nova
--lock_path=/run/lock/nova
--allow_admin_api=true
--use_deprecated_auth=false
--auth_strategy=keystone
--scheduler_driver=nova.scheduler.simple.SimpleScheduler
--s3_host=MY_PUBLIC_IP
--ec2_host=MY_PUBLIC_IP
--rabbit_host=MY_PUBLIC_IP
--cc_host=MY_PUBLIC_IP
--nova_url=http://MY_PUBLIC_IP:8774/v1.1/
--routing_source_ip=MY_PUBLIC_IP
--glance_api_servers=MY_PUBLIC_IP:9292
--image_service=nova.image.glance.GlanceImageService
--iscsi_ip_prefix=192.168.4
--sql_connection=mysql://novadbadmin:[email protected]/nova
--ec2_url=http://MY_PUBLIC_IP:8773/services/Cloud
--keystone_ec2_url=http://MY_PUBLIC_IP:5000/v2.0/ec2tokens
--api_paste_config=/etc/nova/api-paste.ini
--libvirt_type=kvm
--libvirt_use_virtio_for_bridges=true
--start_guests_on_host_boot=true
--resume_guests_state_on_host_boot=true
# vnc specific configuration
--novnc_enabled=true
--novncproxy_base_url=http://MY_PUBLIC_IP:6080/vnc_auto.html
--vncserver_proxyclient_address=MY_PUBLIC_IP
--vncserver_listen=MY_PUBLIC_IP
# network specific settings
--network_manager=nova.network.manager.FlatDHCPManager
--public_interface=eth0
--flat_interface=eth2
--flat_network_bridge=br100
--fixed_range=192.168.4.0/24
--network_size=254
--flat_network_dhcp_start=192.168.4.1
--flat_injected=False
--force_dhcp_release=true
--iscsi_helper=tgtadm
--connection_type=libvirt
--root_helper=sudo nova-rootwrap
--verbose=true

With tcpdump I correctly see the SYN packets on eth0 (the public interface) but can't see them on br100 or eth2, so they're not correctly DNATted. I've tried with both ip_forward enabled and disabled.

Best
Alessandro
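
Added example, not part of the original post: a small Python walker that follows a packet through `iptables -S`-style nat rules and reports which rule, if any, would rewrite it. The addresses are documentation-range stand-ins for MY_FLOATING_IP and MY_PUBLIC_IP, the helper names `parse`, `matches` and `trace` are hypothetical, and only `-s`, `-d`, `-p` and `--dport` matches are evaluated.

```python
import ipaddress
import shlex

# Constructed sample: PREROUTING part of the post's nat rules; documentation
# addresses stand in for MY_FLOATING_IP and MY_PUBLIC_IP (assumed values).
FLOATING, PUBLIC = "203.0.113.10", "203.0.113.1"
RULES = f"""
-A PREROUTING -j nova-network-PREROUTING
-A PREROUTING -j nova-compute-PREROUTING
-A PREROUTING -j nova-api-PREROUTING
-A nova-network-PREROUTING -d 169.254.169.254/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination {PUBLIC}:8775
-A nova-network-PREROUTING -d {FLOATING}/32 -j DNAT --to-destination 192.168.4.2
"""

def parse(text):
    """Group '-A chain ... -j target ...' lines by chain as (match, target, args)."""
    chains = {}
    for line in text.splitlines():
        tok = shlex.split(line)
        if tok[:1] == ["-A"] and "-j" in tok:
            j = tok.index("-j")
            match = dict(zip(tok[2:j:2], tok[3:j:2]))  # "-opt value" pairs
            chains.setdefault(tok[1], []).append((match, tok[j + 1], tok[j + 2:]))
    return chains

def matches(match, pkt):
    """True if pkt satisfies every match option; unsupported options never match."""
    for opt, val in match.items():
        if opt in ("-s", "-d"):
            if ipaddress.ip_address(pkt[opt]) not in ipaddress.ip_network(val, strict=False):
                return False
        elif opt != "-m" and str(pkt.get(opt)) != val:  # -p, --dport, or unknown
            return False
    return True

def trace(chains, chain, pkt, path=()):
    """Walk rules in order; return (chain path, target, args) of the first hit."""
    path = (*path, chain)
    for match, target, args in chains.get(chain, []):
        if not matches(match, pkt):
            continue
        if target in ("DNAT", "SNAT", "ACCEPT"):
            return path, target, args
        hit = trace(chains, target, pkt, path)  # user chain: falls through on return
        if hit[1]:
            return hit
    return path, None, []

SYN = {"-s": "198.51.100.7", "-d": FLOATING, "-p": "tcp", "--dport": 22}
print(trace(parse(RULES), "PREROUTING", SYN))
```

On a live host, the per-rule packet counters from `iptables -t nat -L nova-network-PREROUTING -v -n` show whether the rule this trace selects is actually being hit.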

