<div dir="ltr"><span id="result_box" class="" lang="en"><span class="">My</span> <span class="">OpenStack</span> <span class="">is</span> <span class="">allinone,</span> <span class="">in</span> <span class="">CentOs 6.4</span> <span class="">environment</span><span>.</span> <span class="">Virtual</span> <span class="">machines</span> <span class="">can ping</span> <span class="">the host</span><span>,</span> <span class="">virtual machines</span> <span class="">can</span> <span class="">ping each other</span> <span class="">can also</span> <span class="">ping the</span> <span class="">route</span> <span class="">created by</span> <span class="">the outer</span> <span class="">gateway</span><span class="">, but why</span> <span class="">still can not</span> <span class="">access the Internet。</span></span></div>
<div class="gmail_extra"><br><br><div class="gmail_quote">On Fri, Aug 30, 2013 at 8:00 PM,  <span dir="ltr"><<a href="mailto:openstack-operators-request@lists.openstack.org" target="_blank">openstack-operators-request@lists.openstack.org</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Send OpenStack-operators mailing list submissions to<br>
        <a href="mailto:openstack-operators@lists.openstack.org">openstack-operators@lists.openstack.org</a><br>
<br>
To subscribe or unsubscribe via the World Wide Web, visit<br>
        <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators</a><br>
<br>
or, via email, send a message with subject or body 'help' to<br>
        <a href="mailto:openstack-operators-request@lists.openstack.org">openstack-operators-request@lists.openstack.org</a><br>
<br>
You can reach the person managing the list at<br>
        <a href="mailto:openstack-operators-owner@lists.openstack.org">openstack-operators-owner@lists.openstack.org</a><br>
<br>
When replying, please edit your Subject line so it is more specific<br>
than "Re: Contents of OpenStack-operators digest..."<br>
<br>
<br>
Today's Topics:<br>
<br>
   1. Nova Firewall -> Quantum (Jacob Godin)<br>
<br>
<br>
----------------------------------------------------------------------<br>
<br>
Message: 1<br>
Date: Thu, 29 Aug 2013 15:16:48 -0300<br>
From: Jacob Godin <<a href="mailto:jacobgodin@gmail.com">jacobgodin@gmail.com</a>><br>
To: "<a href="mailto:openstack-operators@lists.openstack.org">openstack-operators@lists.openstack.org</a>"<br>
        <<a href="mailto:openstack-operators@lists.openstack.org">openstack-operators@lists.openstack.org</a>><br>
Subject: [Openstack-operators] Nova Firewall -> Quantum<br>
Message-ID:<br>
        <CA+WiSK5sKs=<a href="mailto:df%2Brq7iV-TbkVDXfzx7gAMXKdoJjND4_v-A3poA@mail.gmail.com">df+rq7iV-TbkVDXfzx7gAMXKdoJjND4_v-A3poA@mail.gmail.com</a>><br>
Content-Type: text/plain; charset="iso-8859-1"<br>
<br>
Hi all,<br>
<br>
We're looking for a migration path to move from using Quantum + Nova's<br>
iptables firewall, to purely Quantum + Firewall. We have successfully setup<br>
Quantum's firewall to interact with Nova, and newly created instances on<br>
our test node work great.<br>
<br>
However, we are experiencing some issues with existing instances. There are<br>
some unpredictable results, including complete loss of connectivity. One<br>
way we have found to fix this is to migrate them to another host and then<br>
back again. This reconfigures the firewall entirely, and seems to do<br>
everything well.<br>
<br>
The problem with this approach is that we cannot use nova's live-migration<br>
due to our disk caching settings, so the instances must be powered down,<br>
the database then updated, and the instance hard rebooted.<br>
<br>
Has anyone performed this migration path? If so, any pointers?<br>
-------------- next part --------------<br>
An HTML attachment was scrubbed...<br>
URL: <<a href="http://lists.openstack.org/pipermail/openstack-operators/attachments/20130829/461c98ee/attachment-0001.html" target="_blank">http://lists.openstack.org/pipermail/openstack-operators/attachments/20130829/461c98ee/attachment-0001.html</a>><br>

<br>
------------------------------<br>
<br>
_______________________________________________<br>
OpenStack-operators mailing list<br>
<a href="mailto:OpenStack-operators@lists.openstack.org">OpenStack-operators@lists.openstack.org</a><br>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators</a><br>
<br>
<br>
End of OpenStack-operators Digest, Vol 34, Issue 28<br>
***************************************************<br>
</blockquote></div><br></div>