Hi, I did add this rule to default security group, that was the first thing before I even launched an instance. I'm still a newbie so I may be missing something?
Direction Ether Type IP Protocol Port Range Remote IP Prefix Remote Security Group Actions Egress IPv4 Any Any 0.0.0.0/0 - Delete Rule Ingress IPv6 Any Any - default Delete Rule Ingress IPv4 Any Any - default Delete Rule Egress IPv6 Any Any ::/0 - Delete Rule Egress IPv4 ICMP Any - default Delete Rule Ingress IPv4 ICMP Any 0.0.0.0/0 - Delete Rule Ingress IPv4 TCP 22 (SSH) 0.0.0.0/0 - Delete Rule Egress IPv4 TCP 80 (HTTP) - default Delete Rule Egress IPv4 TCP 443 (HTTPS) - default On Wed, Sep 28, 2016 at 5:31 PM, Turbo Fredriksson <[email protected]> wrote: > On Sep 28, 2016, at 4:07 PM, Imran Khakoo wrote: > > I can ping instances and SSH into them just fine, but I can't seem to get > internet access on the instances. > > > Maybe a security group is blocking it? > > To do a trace from an instance to the 'Net, you'd need to open up for ICMP > traffic. > > But I'd suggest to be more "smart" about that - what service do the > instance need > access to [on the 'Net]? > > To download package (like 'apt-get update/apt-get install/apt-get upgrade' > or whatever > package manager you're using etc)? Then 'just' open up the HTTP and/or > HTTPS (port > 80 and/or 443 from the instance to '0.0.0.0/0' (for a very open rule). > > To have _all_ the instances have that access 'by default', put it in the > "default" security > group. > > Note: This needs to be an 'egress' rule only. > -- > Build a man a fire, and he will be warm for the night. > Set a man on fire and he will be warm for the rest of his life. > >
_______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : [email protected] Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
