Hey guys, Ignore this q. I didn't really have my head around how Openstack works and I think I get it now.
Thanks for all your help. -- joe. On 12 November 2012 10:12, Joe Warren-Meeks <[email protected]>wrote: > Hi Vish et al. > > I still can't make head nor tail of it. ICMP works in both directions > fine, but when I try to ssh out from the VM (even with the dmz_cidr flags) > the SYN gets through un-snatted ok, then my desktop SYN-ACKs back, but the > virt never gets to see it. Instead, the snat layer sends a RST. > > I don't want any NAT at all. I just want the virts bridged on to the VLAN. > Is there a way to do that? > > Kind regards > > -- joe. > > > > On 9 November 2012 19:56, Vishvananda Ishaya <[email protected]>wrote: > >> What is the ip address of your workstation? You may be running into >> something similar to this issue: >> >> >> http://lists.openstack.org/pipermail/openstack-dev/2012-September/001212.html >> >> I suspect either: >> >> a) Traffic not getting snatted when it should. This is usually due to >> overlapping ranges between your internal network and fixed_range >> >> this would be fixed by limiting fixed_range in your config file to just >> the instances range: (fixed_range=10.0.41.0/24 ?) >> >> or >> >> b) Traffic getting snatted when it shouldn't. This is usually because >> your workstation ip is on an ip that is internally routable but not >> routable from the external network of the compute host, so it can't get >> back to the snatted ip >> >> this is fixed by stopping snatting to the workstation by setting dmz_cidr >> to a value that includes your workstation network: (dmz_cidr=10.0.0.0/24?) >> >> Vish >> >> On Nov 9, 2012, at 9:14 AM, Joe Warren-Meeks <[email protected]> >> wrote: >> >> Hi all, >> >> I've managed to get Openstack pretty much up and running as I wanted it. >> I do have, however, a rather strange networking issue. >> >> I created the network with >> nova-manage network create --fixed_range_v4=10.0.41.0/24--num_networks=1 >> --bridge=br41 --bridge_interface=eth0 --label=development >> --gateway=10.0.41.1 --dns1=10.0.0.2 --vlan=41 --project_id=XXXXXXX >> >> And i can boot instances fine. I've configured the default security group >> to allow port 22, 80 and ICMP -1 in and I can ping from my work station to >> the virtual instance ok: >> >> joe@kaneda:~$ ping 10.0.41.3 >> PING 10.0.41.3 (10.0.41.3) 56(84) bytes of data. >> 64 bytes from 10.0.41.3: icmp_req=1 ttl=63 time=1.18 ms >> >> And i can ping from the virt back too: >> ubuntu@test:~$ ping 10.0.0.240 >> PING 10.0.0.240 (10.0.0.240) 56(84) bytes of data. >> 64 bytes from 10.0.0.240: icmp_req=1 ttl=64 time=0.713 ms >> >> >> I can SSH out from the virt to a host in the outside world fine: >> ubuntu@test:~$ ssh joe@XXXXX >> joe@XXXXXX password: >> -bash: fortune: command not found >> joe@dixon:~ $ >> >> BUT I can't ssh from the virt to my workstation, nor from my workstation >> to the Virt. Neither does http work. >> >> What I am seeing in Tcpdump is a lot of incorrect cksums. This happens >> with all Tcp connections. >> >> 17:12:38.539784 IP (tos 0x0, ttl 64, id 53611, offset 0, flags [DF], >> proto TCP (6), length 60) >> 10.0.0.240.56791 > 10.0.41.3.22: Flags [S], cksum 0x3e21 (incorrect >> -> 0x6de2), seq 2650163743, win 14600, options [mss 1460,sackOK,TS val >> 28089204 ecr 0,nop,wscale 6], length 0 >> >> >> 17:12:38.585279 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto >> TCP (6), length 60) >> 10.0.41.3.22 > 10.0.0.240.56791: Flags [S.], cksum 0x3e21 (incorrect >> -> 0xe5c5), seq 1530502549, ack 3098447117, win 14480, options [mss >> 1460,sackOK,TS val 340493 ecr 28089204,nop,wscale 3], length 0 >> >> Anyone come across this before? >> >> -- joe. >> >> _______________________________________________ >> Mailing list: https://launchpad.net/~openstack >> Post to : [email protected] >> Unsubscribe : https://launchpad.net/~openstack >> More help : https://help.launchpad.net/ListHelp >> >> >> >
_______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : [email protected] Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
