On 10/25/2012 10:27 AM, Christian Parpart wrote: > Hey all, > > we're having quite a few compute nodes with Essex installed and one central > nova-network gateway. > > We now have a few floating IPs set up to route from the world through the > gateway to these VMs. > > However, accessing these floating (public) IPs from inside a *tenant's VM* > results into timeouts, > but accessing the very same IP from a compute node (hypervisor) hosting those > VMs actually does work.
Is the floating IP assigned to the VM trying to access itself? I know there was a change to fix that (search for hairpin_mode) and pretty sure it was in Essex. > Now I'm a bit confused, it seems like a routing issue or iptables NAT thing > and > would be really greatful > if anyone can help me out with a hint. :) What does tcpdump on the bridge show? Are the packets going out and coming back? If not you need to start looking on other interfaces for it (or use -i any), and if that doesn't help start looking at the iptables counters for the rules associated with the instance. > Is this known to not work or what do you need from me to actually understand > my > issue a bit more? It should work assuming there is a security group rule allowing it, which is something else to look at. -Brian _______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
