Hi there, I deleted all the rules and added them back one by one, seeing if each change suddenly allowed connectivity. No improvement, unfortunately.
My current rules:

    Direction  Ether Type  IP Protocol  Port Range  Remote IP Prefix  Remote Security Group
    Ingress    IPv4        ICMP         Any         0.0.0.0/0         -
    Egress     IPv4        ICMP         Any         0.0.0.0/0         -
    Ingress    IPv4        TCP          1 - 65535   0.0.0.0/0         -
    Egress     IPv4        TCP          1 - 65535   0.0.0.0/0         -
    Ingress    IPv4        TCP          1 - 65535   -                 default
    Egress     IPv4        TCP          1 - 65535   -                 default

Going back to my instances, pinging google:

    ubuntu@throwaway:~$ ping 8.8.8.8
    PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
    From 10.10.0.1 icmp_seq=17 Destination Net Unreachable
    From 10.10.0.1 icmp_seq=18 Destination Net Unreachable

    ubuntu@throwaway:~$ ip route
    default via 10.10.0.1 dev eth0
    10.10.0.0/16 dev eth0 proto kernel scope link src 10.10.0.4
    169.254.169.254 via 10.10.0.1 dev eth0

    ubuntu@throwaway:~$ ip neigh
    10.10.0.2 dev eth0 lladdr fa:16:3e:d7:e1:d5 STALE
    10.10.0.1 dev eth0 lladdr fa:16:3e:7c:cf:b1 REACHABLE
    10.10.0.3 dev eth0 lladdr fa:16:3e:13:c8:8b STALE

So the gateway is 10.10.0.1 and the VM can reach it, but it somehow can't route to 8.8.8.8.

Looking at my openstack router, I notice that it doesn't have a public IP address, only an internal one.

    Name:        (af24a36f-6790) <http://10.1.1.147/project/networks/ports/af24a36f-6790-4024-8ee2-b4fbbcb856ba/detail>
    Fixed IPs:   10.10.0.1
    Status:      Active
    Type:        Internal Interface
    Admin State: UP

From other advice I received, the router should have both a public interface and a private one. So when I try to add a public interface, it requires me to first add a subnet. So I'm guessing I should be creating a subnet on the ext_net, in order to attach the external interface to it. I get the following error:

    Error: Failed to create subnet "172.26.1.0/24" for network "None": The resource could not be found.
    Neutron server returns request_ids: ['req-0e2edc22-c6a8-4038-89fd-26feb25393c6']

On Wed, Sep 28, 2016 at 7:23 PM, Turbo Fredriksson <tu...@bayour.com> wrote:

> On Sep 28, 2016, at 5:32 PM, Imran Khakoo wrote:
>
> > I did add this rule to default security group, that was the first thing
> > before I even launched an instance.
>
> Yeah, that should have done it.
>
> > Egress IPv4 Any Any 0.0.0.0/0 -
> > Egress IPv4 ICMP Any - default
> > Egress IPv4 TCP 80 (HTTP) - default
> > Egress IPv4 TCP 443 (HTTPS) - default
> > Ingress IPv4 Any Any - default
> > Ingress IPv4 ICMP Any 0.0.0.0/0 -
> > Ingress IPv4 TCP 22 (SSH) 0.0.0.0/0 -
>
> What strikes me is the sixth column. It is/should be the "Remote Security Group"
> column.
>
> I'm a little unsure on how to use that, but if all those rules come from
> the 'default' security group, then you'll probably end up with a loop
> or something..
>
> But because of the two Any/Any rules, you would not need the 80/443 rules.
> Nor the 22 one.
> --
> Life sucks and then you die