<div dir="ltr">You shouldn't have to do anything other than disable SNAT and set a route for your tenant network upstream. Do some packet captures at different points in the system and try to determine where your packets stop flowing. </div><br><div class="gmail_quote"><div dir="ltr">On Sat, Jan 16, 2016 at 10:48 AM Akshay Kumar Sanghai <<a href="mailto:akshaykumarsanghai@gmail.com">akshaykumarsanghai@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hi Aaron,<div>Do i need to add something in the iptables ? The setup is working fine with floating ip and snat enabled router.</div><div><br></div><div>Thanks,</div><div>Akshay</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Sat, Jan 16, 2016 at 8:59 PM, Aaron Segura <span dir="ltr"><<a href="mailto:aaron.segura@gmail.com" target="_blank">aaron.segura@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">That is correct. You should be able to disable snat, then route the tenant network to the outside of the neutron router and communicate with your instances using their assigned fixed IP.<div><br><div>If your outbound packets aren't leaving your router, you have another problem. Start checking iptables rules and make sure all of your plumbing is right.<br></div><div><div><br><div class="gmail_quote"><div><div><div dir="ltr">On Fri, Jan 15, 2016 at 5:55 PM Akshay Kumar Sanghai <<a href="mailto:akshaykumarsanghai@gmail.com" target="_blank">akshaykumarsanghai@gmail.com</a>> wrote:<br></div></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div><div dir="ltr"><span style="font-size:12.8px">Hi,</span><div style="font-size:12.8px">In the cli of neutron router-gateway-set, thers is an option of disable snat. <a href="http://docs.openstack.org/cli-reference/neutron.html#neutron-router-gateway-set" target="_blank">http://docs.openstack.org/cli-reference/neutron.html#neutron-router-gateway-set</a></div><div style="font-size:12.8px"><br></div></div><div dir="ltr"><div style="font-size:12.8px">Does that mean i can create a tenant network and the packet will go out with the same fixed ip of the vm? Assume the tenant network created is routable or identifiable in the physical network.</div><div style="font-size:12.8px">I tried to disable snat for the router gateway, but the packet wasn't going out from the external interface. Do i need to edit some iptable rules or the disable snat option doesn't work?</div><div style="font-size:12.8px"><br></div><div style="font-size:12.8px">Thanks,</div><div style="font-size:12.8px">Akshay</div></div></div></div><span>
_______________________________________________<br>
OpenStack-operators mailing list<br>
<a href="mailto:OpenStack-operators@lists.openstack.org" target="_blank">OpenStack-operators@lists.openstack.org</a><br>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators" rel="noreferrer" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators</a></span></blockquote><div> </div></div></div></div></div></div>
</blockquote></div><br></div>
</blockquote></div>