[Openstack-operators] Double NAT in neutron ?

Dan Sneddon dsneddon at redhat.com
Wed Oct 28 03:27:13 UTC 2015


Actually, I just reread your message, and it looks like you mean you were
trying to reach the VM on the public IP when the VM was using a private
floating IP. Ignore my previous comments; they were based on an incorrect
reading of your email.

I have done double NAT with OpenStack before (with a load balancer using
the public IP and a private IP as a floating IP), and it worked for most
things but certain protocols failed. Ping shouldn't have an issue between
2 NAT layers, though. You might want to make sure that the NAT gateway is
allowing inbound connections, and not just traffic initiated by the host
behind the NAT gateway.

-Dan Sneddon

----- Original Message -----
> If you have a NAT server that translates public IPs to private IPs, then it
> is always going to get the inbound traffic to the public IP.
> 
> So, even if the public IPs are routable on the local network (are you sure
> they are?), you wouldn't be able to use those public IPs as long as the NAT
> server is listening for inbound traffic to those IPs. You might send traffic
> out, but the return traffic is going to go to the NAT server and not your VM.
> 
> None of this has anything to do with OpenStack or private IPs; you just have
> local routing issues.
> 
> -Dan Sneddon
> 
> ----- Original Message -----
> > Dear All,
> > 
> > We get a pool of public IPs which statically map to private IP addresses.
> > If I assign any one of those private IP addresses to a physical interface,
> > it is reachable from the internet.
> > 
> > In the neutron setup I created the external network using the range of
> > those private IP addresses and associated them as floating IPs to the
> > instances.
> > 
> > When I ping/connect using the floating IPs (range from private IPs) it
> > works, but when I use the assigned public IP it cannot ping/connect.
> > 
> > 
> > Our setup:
> > internet -> public ip -> natted-private-ip ->neutron-internal-ip->instance
> >                          |                         |
> >                          |                         |
> >                          -- Natted (floating ips) --
> > 
> > Typical setup:
> > internet -> public ip -> neutron-internal-ip->instance
> >             |                         |
> >             |                         |
> >             -- Natted (floating ips) --
> > 
> > Any hint ?
> > 
> > --
> > 
> > Regards
> > 
> > Zeeshan Ali Shah
> > System Administrator - PDC HPC
> > PhD researcher (IT security)
> > Kungliga Tekniska Hogskolan
> > +46 8 790 9115
> > http://www.pdc.kth.se/members/zashah
> > 
> 
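
The double-NAT path discussed in this thread, modelled as an added example (not code from either poster): it traces an inbound packet through an upstream NAT gateway and then the neutron floating-IP translation, and shows the symptom when the gateway only passes replies to flows opened from inside. All addresses, the `NatHop` class and the function names are constructed for illustration; the gateway's real rule set is not shown in the thread.

```python
from dataclasses import dataclass, field

@dataclass
class NatHop:
    name: str
    dnat: dict                      # outside IP -> inside IP (static 1:1 mapping)
    allow_new_inbound: bool = True  # False: only replies to inside-initiated flows pass
    flows: set = field(default_factory=set)  # (inside IP, remote IP) opened from inside

    def inbound(self, remote, dst):
        inside = self.dnat.get(dst)
        if inside is None:
            return None, f"{self.name}: no mapping for {dst}"
        if (inside, remote) in self.flows:
            return inside, f"{self.name}: reply to tracked flow, {dst} -> {inside}"
        if not self.allow_new_inbound:
            return None, f"{self.name}: new inbound connection to {dst} dropped"
        return inside, f"{self.name}: DNAT {dst} -> {inside}"

    def outbound(self, inside, remote):
        self.flows.add((inside, remote))
        # Source NAT: return the outside address that maps back to this inside IP.
        return next(out for out, ins in self.dnat.items() if ins == inside)

def trace_inbound(hops, remote, dst):
    """Walk hops outermost-first; return (final destination or None, per-hop log)."""
    log = []
    for hop in hops:
        dst, note = hop.inbound(remote, dst)
        log.append(note)
        if dst is None:
            break
    return dst, log

def open_outbound(hops, src, remote):
    """Instance opens a flow outward; hops are walked innermost-first."""
    for hop in reversed(hops):
        src = hop.outbound(src, remote)
    return src

# Constructed addresses (documentation / RFC 1918 ranges), not taken from the thread.
PUBLIC, FLOATING, FIXED = "203.0.113.10", "10.0.0.10", "192.168.1.5"
CLIENT, OTHER = "198.51.100.7", "198.51.100.99"

def build(gateway_allows_inbound):
    gateway = NatHop("nat-gateway", {PUBLIC: FLOATING}, gateway_allows_inbound)
    neutron = NatHop("neutron-router", {FLOATING: FIXED})
    return [gateway, neutron]

if __name__ == "__main__":
    hops = build(gateway_allows_inbound=False)
    for target, path in ((FLOATING, hops[1:]), (PUBLIC, hops)):
        dst, log = trace_inbound(path, CLIENT, target)
        print(target, "->", dst, "|", "; ".join(log))
```

With the gateway restricted to replies, the floating IP answers from inside the private network while the public IP does not, which matches the symptom reported in the original message.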
