This is how my iptable looks like # iptables -n -tnat --list Chain PREROUTING (policy ACCEPT) target prot opt source destination nova-api-PREROUTING all -- 0.0.0.0/0 0.0.0.0/0
Chain INPUT (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination nova-api-OUTPUT all -- 0.0.0.0/0 0.0.0.0/0 Chain POSTROUTING (policy ACCEPT) target prot opt source destination nova-api-POSTROUTING all -- 0.0.0.0/0 0.0.0.0/0 nova-postrouting-bottom all -- 0.0.0.0/0 0.0.0.0/0 Chain nova-api-OUTPUT (1 references) target prot opt source destination Chain nova-api-POSTROUTING (1 references) target prot opt source destination Chain nova-api-PREROUTING (1 references) target prot opt source destination Chain nova-api-float-snat (1 references) target prot opt source destination Chain nova-api-snat (1 references) target prot opt source destination nova-api-float-snat all -- 0.0.0.0/0 0.0.0.0/0 Chain nova-postrouting-bottom (1 references) target prot opt source destination nova-api-snat all -- 0.0.0.0/0 0.0.0.0/0 I do have rule in my default security group to allow tcp/udp/icmp traffic to my VM. Apart from this, i do not see private IP address in the qdhcp name space # ip netns exec qdhcp-593574c7-2a27-4b5e-bd6d-ebd7282ffc08 ip addr list 32: tapc7622702-f7: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN link/ether fa:16:3e:ec:d7:b8 brd ff:ff:ff:ff:ff:ff inet 1.1.2.3/24 brd 1.1.2.255 scope global tapc7622702-f7 inet6 fe80::f816:3eff:feec:d7b8/64 scope link valid_lft forever preferred_lft forever 33: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever Can it cause any issue ? Will it be helpful if i configure use NoopFirewallDriver on controller/compute node ? Please let me know if you need any other data. Thanks Anil On Thu, May 30, 2013 at 7:13 PM, Salvatore Orlando <sorla...@nicira.com>wrote: > We will need to look at iptables on your network node. > If you run iptables -n -tnat --list you should see a couple of DNAT/SNAT > rules for forwarding traffic netween 9.126.108.127. > > In any case, bear in mind that the default security group does not allow > ICMP. If you have not enabled it, it might as well be that this is reason > for your issue. > > Salvatore > > > On 30 May 2013 15:36, Anil Vishnoi <vishnoia...@gmail.com> wrote: > >> Forwarding again with some hope for response :) >> >> >> ---------- Forwarded message ---------- >> From: Anil Vishnoi <vishnoia...@gmail.com> >> Date: Thu, May 30, 2013 at 3:14 AM >> Subject: [Grizzly][Quantum] Floating IP is not reachable >> To: "openstack@lists.launchpad.net" <openstack@lists.launchpad.net> >> >> >> >> Hi All, >> >> I have a setup where controller/network node is running on one server and >> i have another server as a compute node. I am able to launch the VM and VM >> gets its private IP from its respective DHCP server as well. VM is >> connected to its private network. Private network is attached to the router >> and external network is set as a gateway for the router. I am able to >> associate floating ip to the VM as well. >> >> But when i ping this floating ip from internet, i am not able to ping. >> Although i am able to ping the gateway ip of the router. I checked the ARP >> entry for the floating ip, and its successfully resolving the arp for this >> floating ip. >> >> I can see this address in the router name space as well. >> >> # ip netns exec qrouter-3d7dfce4-c19a-4448-b276-1631690a403c ip addr >> 14: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN >> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 >> inet 127.0.0.1/8 scope host lo >> inet6 ::1/128 scope host >> valid_lft forever preferred_lft forever >> 15: qr-e018e6ed-37: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 >> qdisc noqueue state UNKNOWN >> link/ether fa:16:3e:f5:73:c5 brd ff:ff:ff:ff:ff:ff >> inet 1.1.1.1/24 brd 1.1.1.255 scope global qr-e018e6ed-37 >> inet6 fe80::f816:3eff:fef5:73c5/64 scope link >> valid_lft forever preferred_lft forever >> 19: qg-d75a619f-ac: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 >> qdisc noqueue state UNKNOWN >> link/ether fa:16:3e:2e:c6:4b brd ff:ff:ff:ff:ff:ff >> inet 9.126.108.126/24 brd 9.126.108.255 scope global qg-d75a619f-ac >> inet 9.126.108.127/32 brd 9.126.108.127 scope global qg-d75a619f-ac >> << >> inet6 fe80::f816:3eff:fe2e:c64b/64 scope link >> valid_lft forever preferred_lft forever >> >> >> So i can ping 9.126.108.126 but i am not able to ping 9.126.108.127. >> Also both of these IP actually resolves to the same MAC address, is it >> expected ? I added rules in the default security group to allow >> TCP/UDP/ICMP traffic. >> >> Please let me know if anybody has any clue on whats going on here , and >> how can i further debug it. Please let me know if you need any other >> details. >> -- >> Thanks >> Anil >> >> >> >> -- >> Thanks >> Anil >> >> _______________________________________________ >> Mailing list: https://launchpad.net/~openstack >> Post to : openstack@lists.launchpad.net >> Unsubscribe : https://launchpad.net/~openstack >> More help : https://help.launchpad.net/ListHelp >> >> > -- Thanks Anil
_______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp