Did you open the security group for icmp?

Sent from iPhone

> On Mar 16, 2014, at 10:36, "Anatoly Oreshkin" <[email protected]> wrote:
>
> Hello,
>
> I've installed OpenStack Havana with Neutron all-in-one on a single node under
> Scientific Linux 6.4 having multiple NICs. Specifically, eth0 with public network
> 212.190.96.128/27 and eth2 with internal network 192.168.1.0/24.
>
> All OpenStack components were installed on IP address 212.190.96.14 (eth0)
> CONFIG_NOVA_NETWORK_PUBIF=eth0
>
> OpenStack configuration follows:
>
> /etc/neutron/plugin.ini
>
> [OVS]
> vxlan_udp_port=4789
> tenant_network_type=local
> enable_tunneling=False
> integration_bridge=br-int
> network_vlan_ranges = physnet1
> bridge_mappings = physnet1:br-ex
>
> [AGENT]
> polling_interval=2
>
> [SECURITYGROUP]
> firewall_driver=neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
>
> Floating IP addresses are allocated from public IP range 212.190.96.140 -
> 212.190.96.142 (eth0)
>
> Routing tables on my node
>
> Destination     Gateway         Genmask         Flags Metric Ref Use Iface
> 212.190.96.128  *               255.255.255.224 U     0      0   0   br-ex
> 192.168.1.0     *               255.255.255.0   U     0      0   0   eth2
> 192.168.0.0     *               255.255.255.0   U     0      0   0   eth3
> link-local      *               255.255.0.0     U     1002   0   0   eth0
> link-local      *               255.255.0.0     U     1004   0   0   eth2
> link-local      *               255.255.0.0     U     1005   0   0   eth3
> link-local      *               255.255.0.0     U     1011   0   0   br-ex
> default         212.190.96.129  0.0.0.0         UG    0      0   0   br-ex
>
> I launched an instance from the dashboard and the instance was allocated IP address
> 10.0.0.3 from private network 10.0.0.0/24. Then I allocated the instance floating IP
> address 212.190.96.141 from the public network.
>
> The problem is that I can't ping the instance either through floating IP address
> 212.190.96.141 or private address 10.0.0.3
>
> ~(keystone_admin)]# ip netns exec qdhcp-abe27f33-13e9-44d9-8f12-905cbccb615e ping 10.0.0.3
> PING 10.0.0.3 (10.0.0.3) 56(84) bytes of data.
>
> However, from inside the instance I can ping any IP address.
>
> But when I restart the Linux firewall iptables with "service iptables restart" I can
> ping the instance.
> I can't understand why this happened. I suspect that "linux firewall restart" deleted
> the records from iptables which were added by neutron when launching the instance and
> permitted to ping the instance.
>
> Can anybody help me?
>
> Any hint?
>
> I provide additional information.
>
> Network namespace of my OpenStack configuration:
> # ip netns
> qdhcp-abe27f33-13e9-44d9-8f12-905cbccb615e
> qrouter-9080a234-308a-40c3-9dda-477e7a9cdd99
>
> # ip netns exec qrouter-9080a234-308a-40c3-9dda-477e7a9cdd99 route -n
>
> Destination     Gateway         Genmask         Flags Metric Ref Use Iface
> 212.190.96.128  0.0.0.0         255.255.255.224 U     0      0   0   qg-fdd17595-7b
> 10.0.0.0        0.0.0.0         255.255.255.0   U     0      0   0   qr-67571cae-0a
> 0.0.0.0         212.190.96.129  0.0.0.0         UG    0      0   0   qg-fdd17595-7b
>
> # ip netns exec qdhcp-abe27f33-13e9-44d9-8f12-905cbccb615e route -n
>
> Destination     Gateway         Genmask         Flags Metric Ref Use Iface
> 10.0.0.0        0.0.0.0         255.255.255.0   U     0      0   0   tape150108a-ef
> 0.0.0.0         10.0.0.1        0.0.0.0         UG    0      0   0   tape150108a-ef
>
> # ip netns exec qrouter-9080a234-308a-40c3-9dda-477e7a9cdd99 iptables -t nat -S
>
> -P PREROUTING ACCEPT
> -P POSTROUTING ACCEPT
> -P OUTPUT ACCEPT
> -N neutron-l3-agent-OUTPUT
> -N neutron-l3-agent-POSTROUTING
> -N neutron-l3-agent-PREROUTING
> -N neutron-l3-agent-float-snat
> -N neutron-l3-agent-snat
> -N neutron-postrouting-bottom
> -A PREROUTING -j neutron-l3-agent-PREROUTING
> -A POSTROUTING -j neutron-l3-agent-POSTROUTING
> -A POSTROUTING -j neutron-postrouting-bottom
> -A OUTPUT -j neutron-l3-agent-OUTPUT
> -A neutron-l3-agent-OUTPUT -d 212.190.96.141/32 -j DNAT --to-destination 10.0.0.3
> -A neutron-l3-agent-POSTROUTING ! -i qg-fdd17595-7b ! -o qg-fdd17595-7b -m conntrack ! --ctstate DNAT -j ACCEPT
> -A neutron-l3-agent-PREROUTING -d 169.254.169.254/32 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 9697
> -A neutron-l3-agent-PREROUTING -d 212.190.96.141/32 -j DNAT --to-destination 10.0.0.3
> -A neutron-l3-agent-float-snat -s 10.0.0.3/32 -j SNAT --to-source 212.190.96.141
> -A neutron-l3-agent-snat -j neutron-l3-agent-float-snat
> -A neutron-l3-agent-snat -s 10.0.0.0/24 -j SNAT --to-source 212.190.96.140
> -A neutron-postrouting-bottom -j neutron-l3-agent-snat
>
> # iptables -S | grep tap
> -A neutron-openvswi-FORWARD -m physdev --physdev-out tapcfb4a18d-aa --physdev-is-bridged -j neutron-openvswi-sg-chain
> -A neutron-openvswi-FORWARD -m physdev --physdev-in tapcfb4a18d-aa --physdev-is-bridged -j neutron-openvswi-sg-chain
> -A neutron-openvswi-INPUT -m physdev --physdev-in tapcfb4a18d-aa --physdev-is-bridged -j neutron-openvswi-ocfb4a18d-a
> -A neutron-openvswi-sg-chain -m physdev --physdev-out tapcfb4a18d-aa --physdev-is-bridged -j neutron-openvswi-icfb4a18d-a
> -A neutron-openvswi-sg-chain -m physdev --physdev-in tapcfb4a18d-aa --physdev-is-bridged -j neutron-openvswi-ocfb4a18d-a
>
> _______________________________________________
> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to     : [email protected]
> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
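
The reply's question (is ICMP open in the security group?) can be answered from the host's `iptables -S` output. The following is an added example, not part of the original thread: it maps each tap device to its per-port ingress chain and reports whether a new ICMP packet would be let through. The jump rules in the sample are the ones quoted in the post; the per-port rules, and the assumption that any unconditional jump (such as a fallback chain) ends evaluation, are constructed for illustration.

```python
import re

# Constructed sample: the two sg-chain jump rules come from the post; the
# per-port ingress rules below them are made up for illustration.
SAMPLE = """\
-A neutron-openvswi-sg-chain -m physdev --physdev-out tapcfb4a18d-aa --physdev-is-bridged -j neutron-openvswi-icfb4a18d-a
-A neutron-openvswi-sg-chain -m physdev --physdev-in tapcfb4a18d-aa --physdev-is-bridged -j neutron-openvswi-ocfb4a18d-a
-A neutron-openvswi-icfb4a18d-a -m state --state INVALID -j DROP
-A neutron-openvswi-icfb4a18d-a -m state --state RELATED,ESTABLISHED -j RETURN
-A neutron-openvswi-icfb4a18d-a -p tcp -m tcp --dport 22 -j RETURN
-A neutron-openvswi-icfb4a18d-a -j neutron-openvswi-sg-fallback
"""

# --physdev-out <tap> marks traffic leaving the bridge toward the instance.
JUMP = re.compile(r"-A neutron-openvswi-sg-chain .*--physdev-out (\S+) .*-j (\S+)")


def ingress_chains(rules):
    """Map each tap device to the chain that filters traffic going to the VM."""
    return {m.group(1): m.group(2) for m in map(JUMP.search, rules.splitlines()) if m}


def allows_icmp(rules, chain):
    """True if a reachable rule in `chain` lets a new ICMP packet through."""
    for line in rules.splitlines():
        tok = line.split()
        if tok[:2] != ["-A", chain] or "-j" not in tok:
            continue
        allow = tok[tok.index("-j") + 1] in ("RETURN", "ACCEPT")
        if len(tok) == 4:
            # Unconditional rule: assumed to end evaluation of this chain.
            return allow
        if not allow or "--state" in tok or "--ctstate" in tok:
            continue  # drop rules, and rules that only match reply traffic
        if "-p" not in tok or tok[tok.index("-p") + 1] == "icmp":
            return True
    return False


def audit(rules):
    """Return {tap: ICMP allowed?}; an empty dict means the jump rules are gone."""
    return {tap: allows_icmp(rules, ch) for tap, ch in ingress_chains(rules).items()}


if __name__ == "__main__":
    for tap, ok in audit(SAMPLE).items():
        print(tap, "ICMP allowed" if ok else "ICMP blocked by security group")
```

An empty result from `audit()` on a live dump means the Neutron jump rules are no longer loaded, which matches the poster's observation after `service iptables restart`.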
