[Openstack] able to ping but not able to ssh to instance

Akilesh K akilesh1597 at gmail.com
Thu Sep 18 14:06:55 UTC 2014 

I believe you have checked the security group rules. Make sure the instance
is able to ping the router. If yes the problem lies in your host's firewall
rules. Flush the hosts iptable rules(you may take a backup before you do
that).

On Thu, Sep 18, 2014 at 7:32 PM, Srinivasreddy R <
srinivasreddy4390 at gmail.com> wrote:

> hi ,
> thanks for your reply .
>
> 1. i have checked ssh server is running in instance ..
>     ssh from one instance to another is possible using private
> network[demo-net] .
> 2. checked  ssh is running in port 22
> 3. telnet <ip>  22 is not working .
>
>
> 4. output when i run ssh using verbose  pasted at
>
> http://paste.openstack.org/show/112860/
>
>
>
>
> ==================================
> ip tables output
>
> my internal network for vm is 11.0.0.x and external network is 172.0.0.x
>
>
> root at user-ThinkCentre-M73:/home/user# ip netns exec
> qrouter-f6e00f94-1c6d-4cf5-8cae-319e393240fe  iptables -t nat -S
> -P PREROUTING ACCEPT
> -P INPUT ACCEPT
> -P OUTPUT ACCEPT
> -P POSTROUTING ACCEPT
> -N neutron-l3-agent-OUTPUT
> -N neutron-l3-agent-POSTROUTING
> -N neutron-l3-agent-PREROUTING
> -N neutron-l3-agent-float-snat
> -N neutron-l3-agent-snat
> -N neutron-postrouting-bottom
> -A PREROUTING -j neutron-l3-agent-PREROUTING
> -A OUTPUT -j neutron-l3-agent-OUTPUT
> -A POSTROUTING -j neutron-l3-agent-POSTROUTING
> -A POSTROUTING -j neutron-postrouting-bottom
> -A neutron-l3-agent-OUTPUT -d 172.0.0.7/32 -j DNAT --to-destination
> 11.0.0.9
> -A neutron-l3-agent-OUTPUT -d 172.0.0.3/32 -j DNAT --to-destination
> 11.0.0.2
> -A neutron-l3-agent-OUTPUT -d 172.0.0.4/32 -j DNAT --to-destination
> 11.0.0.5
> -A neutron-l3-agent-POSTROUTING ! -i qg-ec80d9fb-82 ! -o qg-ec80d9fb-82 -m
> conntrack ! --ctstate DNAT -j ACCEPT
> -A neutron-l3-agent-PREROUTING -d 169.254.169.254/32 -p tcp -m tcp
> --dport 80 -j REDIRECT --to-ports 9697
> -A neutron-l3-agent-PREROUTING -d 172.0.0.7/32 -j DNAT --to-destination
> 11.0.0.9
> -A neutron-l3-agent-PREROUTING -d 172.0.0.3/32 -j DNAT --to-destination
> 11.0.0.2
> -A neutron-l3-agent-PREROUTING -d 172.0.0.4/32 -j DNAT --to-destination
> 11.0.0.5
> -A neutron-l3-agent-float-snat -s 11.0.0.9/32 -j SNAT --to-source
> 172.0.0.7
> -A neutron-l3-agent-float-snat -s 11.0.0.2/32 -j SNAT --to-source
> 172.0.0.3
> -A neutron-l3-agent-float-snat -s 11.0.0.5/32 -j SNAT --to-source
> 172.0.0.4
> -A neutron-l3-agent-snat -j neutron-l3-agent-float-snat
> -A neutron-l3-agent-snat -s 11.0.0.0/24 -j SNAT --to-source 172.0.0.2
> -A neutron-postrouting-bottom -j neutron-l3-agent-snat
>
>
>
>
> =====================
> i pasted my dump flows of br-tun at
> http://paste.openstack.org/show/112859/
>
>
>
> as per the doc
>  https://openstack.redhat.com/Networking_in_too_much_detail
>
> br-ex is connected to router , router is connected to br-int , br-int is
> connected to bt-tun .
>
> i have captured at br-int . my ssh request is reaching to br-int but not
> going through tunnel .
>
> please help me .
>
>
>
>
> thanks,
> srinivas.
>
>
>
>
> On Wed, Sep 17, 2014 at 9:30 PM, Sajith Kariyawasam <sajhak at gmail.com>
> wrote:
>
>> Hi,
>>
>> Could be due to,
>>     ssh server is not up and running in your instance,
>>     or running in a different port rather than port 22,
>>     or, ssh port access is restricted in openstack key pair configuration
>>
>> You could also try telnet to check the connectivity,
>> $ telnet <ip> 22
>>
>> Thanks,
>> Sajith
>>
>>
>> On Wed, Sep 17, 2014 at 8:59 PM, Zoltán Lajos Kis <
>> zoltan.lajos.kis at ericsson.com> wrote:
>>
>>>  Hi,
>>>
>>>
>>>
>>> What’s the output of running ssh with the verbose (-v) flag?
>>>
>>>
>>>
>>> BR,
>>>
>>> Zoltan
>>>
>>>
>>>
>>> *From:* Srinivasreddy R [mailto:srinivasreddy4390 at gmail.com]
>>> *Sent:* Wednesday, September 17, 2014 5:16 PM
>>> *To:* openstack at lists.openstack.org
>>> *Subject:* [Openstack] able to ping but not able to ssh to instance
>>>
>>>
>>>
>>> hi,
>>>
>>> i am able to ping my instance form external network .
>>>
>>> but  not able to ssh to the instance .
>>>
>>> i am using floating ip s for ping,ssh.
>>>
>>> please help me .
>>>
>>> thanks,
>>> srinivas.
>>>
>>> _______________________________________________
>>> Mailing list:
>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>>> Post to     : openstack at lists.openstack.org
>>> Unsubscribe :
>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>>>
>>>
>>
>>
>> --
>> Best Regards
>> Sajith
>>
>
>
> _______________________________________________
> Mailing list:
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to     : openstack at lists.openstack.org
> Unsubscribe :
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20140918/300e90cb/attachment.html>

More information about the Openstack mailing list