On 04/25/2012 01:03 PM, Calvin Walton wrote:
> On Mon, 2012-04-23 at 06:45 -0700, Mike Scherbakov wrote:
>> Hi Calvin,
> Sorry I didn't respond earlier, the email temporarily got lost :)
>
>> show us iptables -nL -t nat | grep NAT on the node with nova-network.
>
> (192.168.0.101 is the nova-network node's "external" address)
>
> DNAT all -- 0.0.0.0/0 192.168.0.33 to:192.168.22.35
> DNAT all -- 0.0.0.0/0 192.168.0.88 to:192.168.22.41
> ACCEPT all -- 192.168.22.32/27 192.168.22.32/27 ! ctstate DNAT
> DNAT tcp -- 0.0.0.0/0 169.254.169.254 tcp dpt:80 to:192.168.0.101:8775
> DNAT all -- 0.0.0.0/0 192.168.0.33 to:192.168.22.35
> DNAT all -- 0.0.0.0/0 192.168.0.88 to:192.168.22.41
> SNAT all -- 192.168.22.35 0.0.0.0/0 to:192.168.0.33
> SNAT all -- 192.168.22.41 0.0.0.0/0 to:192.168.0.88
> SNAT all -- 192.168.22.32/27 0.0.0.0/0 to:192.168.0.101
>
> Note that the nova-network is actually colocated on a machine that also
> runs nova-compute; this is a small 2-node lab deployment.
>
>> Could it be that your fixed_range flag in nova.conf covers both subnets,
>> like 192.168.0.0/16 ?
>
> My fixed_range is very small, and doesn't overlap:
> --fixed_range=192.168.22.32/27
>
>> Second reason - I presume that the traffic from VM will go via your
>> router if you access another VM via floating IP,
>> so router should know the route to 192.168.0.x (static/ospf?)
>
> 192.168.0.x is the office network, and communication between other
> machines on that network and the router on that network all work fine.
>
> In the course of trying some other things out, I found that when I
> enabled ipv4 forwarding on the nova-network box:
> echo 1 >/proc/sys/net/ipv4/ip_forward
> Then the virtual machines /were/ able to communicate with each-other via
> their floating IP addresses. I'm still not sure about what's going on,
> but it's good enough for our lab use now.
>
In lab environments where the OpenStack network isn't routed, you will need some special magic. Linux iptables doesn't allow a NAT through a NAT. Read more details here:

https://github.com/heat-api/heat/wiki/Configuring-Floating-IPs

>> Regards,
>>
>> On Fri, Apr 20, 2012 at 7:03 AM, Calvin Walton
>> <calvin.wal...@kepstin.ca> wrote:
>> Hi,
>>
>> I have instances running in OpenStack using FlatDHCP networking mode.
>> Each one has an IP address in the internal subnet (192.168.22.x) and a
>> floating IP from the external subnet (192.168.0.x).
>>
>> I've found that from one instance, I cannot connect to another instance
>> (or, in fact, even the same instance) via the external floating address
>> (I have some monitoring tools that attempt to do this to verify that a
>> server is running). Connections from external computers work fine.
>>
>> My best guess is that there is an issue with the NAT on my nova-network
>> node not allowing loopback connections. Is this intentional, or a bug?
>> Is there a workaround available?
>>
>> For reference, I'm currently using OpenStack from the
>> 'latest-milestone-test' OpenStack PPA on Ubuntu 12.04 Precise.
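
An added example, not part of the original messages: a shell check over `iptables -nL -t nat | grep NAT` output that pairs each floating-IP DNAT rule with its return SNAT rule and flags the condition reported in the thread, where the rules are in place but `ip_forward` is off. The function names and status labels are assumptions of this example; the sample rules are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Reads `iptables -nL -t nat | grep NAT`
# style lines on stdin; $1 is the value of /proc/sys/net/ipv4/ip_forward.
check_floating_nat() {
    awk -v fwd="$1" '
        # Floating-IP DNAT: "DNAT all -- <src> <floating> to:<fixed>"
        $1 == "DNAT" && $2 == "all" && $6 ~ /^to:/ { dnat[$5] = substr($6, 4) }
        # Per-instance SNAT: "SNAT all -- <fixed> <dst> to:<floating>"
        # (a source containing "/" is the subnet-wide fallback rule; skip it)
        $1 == "SNAT" && $4 !~ /\// && $6 ~ /^to:/ { snat[$4] = substr($6, 4) }
        END {
            for (fl in dnat) {
                fixed = dnat[fl]
                if (snat[fixed] != fl)  state = "MISSING_SNAT"
                else if (fwd != "1")    state = "NO_FORWARD"
                else                    state = "OK"
                printf "%s %s -> %s\n", state, fl, fixed
            }
        }' | LC_ALL=C sort
}

# Rules as quoted in the thread (the duplicated DNAT lines are kept as posted).
sample_rules() {
    cat <<'EOF'
DNAT all -- 0.0.0.0/0 192.168.0.33 to:192.168.22.35
DNAT all -- 0.0.0.0/0 192.168.0.88 to:192.168.22.41
ACCEPT all -- 192.168.22.32/27 192.168.22.32/27 ! ctstate DNAT
DNAT tcp -- 0.0.0.0/0 169.254.169.254 tcp dpt:80 to:192.168.0.101:8775
DNAT all -- 0.0.0.0/0 192.168.0.33 to:192.168.22.35
DNAT all -- 0.0.0.0/0 192.168.0.88 to:192.168.22.41
SNAT all -- 192.168.22.35 0.0.0.0/0 to:192.168.0.33
SNAT all -- 192.168.22.41 0.0.0.0/0 to:192.168.0.88
SNAT all -- 192.168.22.32/27 0.0.0.0/0 to:192.168.0.101
EOF
}

# Live use on the nova-network node (needs root):
#   iptables -nL -t nat | grep NAT | \
#       check_floating_nat "$(cat /proc/sys/net/ipv4/ip_forward)"
sample_rules | check_floating_nat 0
```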