You shouldn't have to do anything other than disable SNAT and set a route for your tenant network upstream. Do some packet captures at different points in the system and try to determine where your packets stop flowing.
On Sat, Jan 16, 2016 at 10:48 AM Akshay Kumar Sanghai < akshaykumarsang...@gmail.com> wrote: > Hi Aaron, > Do i need to add something in the iptables ? The setup is working fine > with floating ip and snat enabled router. > > Thanks, > Akshay > > On Sat, Jan 16, 2016 at 8:59 PM, Aaron Segura <aaron.seg...@gmail.com> > wrote: > >> That is correct. You should be able to disable snat, then route the >> tenant network to the outside of the neutron router and communicate with >> your instances using their assigned fixed IP. >> >> If your outbound packets aren't leaving your router, you have another >> problem. Start checking iptables rules and make sure all of your plumbing >> is right. >> >> On Fri, Jan 15, 2016 at 5:55 PM Akshay Kumar Sanghai < >> akshaykumarsang...@gmail.com> wrote: >> >>> Hi, >>> In the cli of neutron router-gateway-set, thers is an option of disable >>> snat. >>> http://docs.openstack.org/cli-reference/neutron.html#neutron-router-gateway-set >>> >>> Does that mean i can create a tenant network and the packet will go out >>> with the same fixed ip of the vm? Assume the tenant network created is >>> routable or identifiable in the physical network. >>> I tried to disable snat for the router gateway, but the packet wasn't >>> going out from the external interface. Do i need to edit some iptable rules >>> or the disable snat option doesn't work? >>> >>> Thanks, >>> Akshay >>> _______________________________________________ >>> OpenStack-operators mailing list >>> OpenStack-operators@lists.openstack.org >>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators >> >> >> > >
_______________________________________________ OpenStack-operators mailing list OpenStack-operators@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
