You are right, the router must have an interface in external network and
the external network must have a subnet
How exactly did you try to create subnet? I guess using a CLI command?
It looks like you didn't specify the network which the new subnet should
belong to.
Try following this doc about creating an external network subnet:
http://docs.openstack.org/juno/install-guide/install/apt/content/neutron_initial-external-network.html
If you're still getting any errors, look into logs for details:
/var/log/neutron/server.log or /var/log/neutron-all.log
29.09.2016 13:07, Imran Khakoo пишет:
Hi there,
I deleted all the rules and added them back one by one, seeing if each
change suddenly allowed connectivity. No improvement, unfortunately.
My current rules:
Direction
Ether Type
IP Protocol
Port Range
Remote IP Prefix
Remote Security Group
Actions
Ingress IPv4 ICMP Any 0.0.0.0/0 <http://0.0.0.0/0>
- Delete Rule
Egress IPv4 ICMP Any 0.0.0.0/0 <http://0.0.0.0/0> -
Delete Rule
Ingress IPv4 TCP 1 - 65535 0.0.0.0/0 <http://0.0.0.0/0> -
Delete Rule
Egress IPv4 TCP 1 - 65535 0.0.0.0/0 <http://0.0.0.0/0> - Delete
Rule
Ingress IPv4 TCP 1 - 65535 - default
Delete Rule
Egress IPv4 TCP 1 - 65535 - default Delete
Rule
Displaying 6 items
Going back to my instances, pinging google:
ubuntu@throwaway:~$ ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
From 10.10.0.1 icmp_seq=17 Destination Net Unreachable
From 10.10.0.1 icmp_seq=18 Destination Net Unreachable
ubuntu@throwaway:~$ ip route
default via 10.10.0.1 dev eth0
10.10.0.0/16 <http://10.10.0.0/16> dev eth0 proto kernel scope link
src 10.10.0.4
169.254.169.254 via 10.10.0.1 dev eth0
ubuntu@throwaway:~$ ip neigh
10.10.0.2 dev eth0 lladdr fa:16:3e:d7:e1:d5 STALE
10.10.0.1 dev eth0 lladdr fa:16:3e:7c:cf:b1 REACHABLE
10.10.0.3 dev eth0 lladdr fa:16:3e:13:c8:8b STALE
So the gateway is 10.10.0.1 and the VM can reach it, but it somehow
can't route to 8.8.8.8. Looking at my openstack router, I notice that
it doesn't have a public IP address, only an internal one.
Name Fixed IPs Status Type Admin State Actions
(af24a36f-6790)
<http://10.1.1.147/project/networks/ports/af24a36f-6790-4024-8ee2-b4fbbcb856ba/detail>
* 10.10.0.1
Active Internal Interface UP Delete Interface
From other advice I received, the router should have both a public
interface and a private one. So when I try to add a public interface,
it requires me to first add a subnet.
So I'm guessing I should be creating a subnet on the ext_net, in order
to attach the external interface to it. I get the following error:
*Error: *Failed to create subnet "172.26.1.0/24
<http://172.26.1.0/24>" for network "None": The resource could not be
found. Neutron server returns request_ids:
['req-0e2edc22-c6a8-4038-89fd-26feb25393c6']
On Wed, Sep 28, 2016 at 7:23 PM, Turbo Fredriksson <[email protected]
<mailto:[email protected]>> wrote:
On Sep 28, 2016, at 5:32 PM, Imran Khakoo wrote:
> I did add this rule to default security group, that was the
first thing
> before I even launched an instance.
Yeah, that should have done it.
> Egress IPv4 Any Any 0.0.0.0/0 <http://0.0.0.0/0> -
> Egress IPv4 ICMP Any - default
> Egress IPv4 TCP 80 (HTTP) - default
> Egress IPv4 TCP 443 (HTTPS) - default
> Ingress IPv4 Any Any - default
> Ingress IPv4 ICMP Any0.0.0.0/0 <http://0.0.0.0/0> -
> Ingress IPv4 TCP 22 (SSH)0.0.0.0/0 <http://0.0.0.0/0> -
What strikes me is the sixth column. It is/should be the "Remote
Security Group"
column.
I'm a little unsure on how to use that, but if all those rules
come from
the 'default' security group, then you'll probably end up with a loop
or something..
But because of the two Any/Any rules, you would not need the
80/443 rules.
Nor the 22 one.
--
Life sucks and then you die
_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : [email protected]
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : [email protected]
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
