[Openstack] able to ping but not able to ssh to instance
Srinivasreddy R
srinivasreddy4390 at gmail.com
Fri Sep 19 16:34:59 UTC 2014
Hi,
Tried to ssh form the network node to instance ..
Observed packets ssh packets are transmitted to and from . but connection
is not established .
What may be the reason .?
Below are few dumps in the path from external network of network node to
instance .
My instance overview is pasted at
http://paste.openstack.org/show/113366/
root at user-ThinkCentre-M73:/home/user# ssh cirros at 172.0.0.4 -vvv
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 172.0.0.4 [172.0.0.4] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
debug1: Remote protocol version 2.0, remote software version
dropbear_2012.55
debug1: no match: dropbear_2012.55
debug2: fd 3 setting O_NONBLOCK
debug3: load_hostkeys: loading entries for host "172.0.0.4" from file
"/root/.ssh/known_hosts"
debug3: load_hostkeys: loaded 0 keys
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: curve25519-sha256 at libssh.org
,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ecdsa-sha2-nistp256-cert-v01 at openssh.com,
ecdsa-sha2-nistp384-cert-v01 at openssh.com,
ecdsa-sha2-nistp521-cert-v01 at openssh.com,ssh-ed25519-cert-v01 at openssh.com,
ssh-rsa-cert-v01 at openssh.com,ssh-dss-cert-v01 at openssh.com,
ssh-rsa-cert-v00 at openssh.com,ssh-dss-cert-v00 at openssh.com
,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit:
aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,
aes128-gcm at openssh.com,aes256-gcm at openssh.com,chacha20-poly1305 at openssh.com
,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,
rijndael-cbc at lysator.liu.se
debug2: kex_parse_kexinit:
aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,
aes128-gcm at openssh.com,aes256-gcm at openssh.com,chacha20-poly1305 at openssh.com
,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,
rijndael-cbc at lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5-etm at openssh.com,
hmac-sha1-etm at openssh.com,umac-64-etm at openssh.com,umac-128-etm at openssh.com,
hmac-sha2-256-etm at openssh.com,hmac-sha2-512-etm at openssh.com,
hmac-ripemd160-etm at openssh.com,hmac-sha1-96-etm at openssh.com,
hmac-md5-96-etm at openssh.com,hmac-md5,hmac-sha1,umac-64 at openssh.com,
umac-128 at openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,
hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5-etm at openssh.com,
hmac-sha1-etm at openssh.com,umac-64-etm at openssh.com,umac-128-etm at openssh.com,
hmac-sha2-256-etm at openssh.com,hmac-sha2-512-etm at openssh.com,
hmac-ripemd160-etm at openssh.com,hmac-sha1-96-etm at openssh.com,
hmac-md5-96-etm at openssh.com,hmac-md5,hmac-sha1,umac-64 at openssh.com,
umac-128 at openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,
hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib at openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib at openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit:
diffie-hellman-group1-sha1,diffie-hellman-group14-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit:
aes128-ctr,3des-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes256-cbc,twofish256-cbc,twofish-cbc,twofish128-cbc
debug2: kex_parse_kexinit:
aes128-ctr,3des-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes256-cbc,twofish256-cbc,twofish-cbc,twofish128-cbc
debug2: kex_parse_kexinit: hmac-sha1-96,hmac-sha1,hmac-md5
debug2: kex_parse_kexinit: hmac-sha1-96,hmac-sha1,hmac-md5
debug2: kex_parse_kexinit: none
debug2: kex_parse_kexinit: none
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: setup hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: setup hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug2: bits set: 1019/2048
debug1: sending SSH2_MSG_KEXDH_INIT
debug1: expecting SSH2_MSG_KEXDH_REPLY
Read from socket failed: Connection timed out
Ifconfig of router namespace in network node
root at user-ThinkCentre-M73:/home/user# ip netns exec
qrouter-f6e00f94-1c6d-4cf5-8cae-319e393240fe ifconfig
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:48 errors:0 dropped:0 overruns:0 frame:0
TX packets:48 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:3924 (3.9 KB) TX bytes:3924 (3.9 KB)
qg-ec80d9fb-82 Link encap:Ethernet HWaddr fa:16:3e:b4:4e:6e
inet addr:172.0.0.2 Bcast:172.0.0.255 Mask:255.255.255.0
inet6 addr: fe80::f816:3eff:feb4:4e6e/64 Scope:Link
UP BROADCAST RUNNING MTU:1500 Metric:1
RX packets:1222 errors:0 dropped:0 overruns:0 frame:0
TX packets:1105 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:345583 (345.5 KB) TX bytes:112480 (112.4 KB)
qr-72d38d5b-5c Link encap:Ethernet HWaddr fa:16:3e:6a:fd:ce
inet addr:11.0.0.1 Bcast:11.0.0.255 Mask:255.255.255.0
inet6 addr: fe80::f816:3eff:fe6a:fdce/64 Scope:Link
UP BROADCAST RUNNING MTU:1500 Metric:1
RX packets:19529 errors:0 dropped:0 overruns:0 frame:0
TX packets:1283 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:3046631 (3.0 MB) TX bytes:349969 (349.9 KB)
Tcpdump at interface connected to external bridge [ br-ex ] on network node
.
root at user-ThinkCentre-M73:/home/user# ip netns exec
qrouter-f6e00f94-1c6d-4cf5-8cae-319e393240fe tcpdump -i qg-ec80d9fb-82
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on qg-ec80d9fb-82, link-type EN10MB (Ethernet), capture size
65535 bytes
^C05:48:45.486622 IP 172.0.0.117.55818 > 172.0.0.4.ssh: Flags [S], seq
3976398776, win 29200, options [mss 1460,sackOK,TS val 4692954 ecr
0,nop,wscale 7], length 0
05:48:45.487671 IP 172.0.0.4.ssh > 172.0.0.117.55818: Flags [S.], seq
3831484282, ack 3976398777, win 14480, options [mss 1460,sackOK,TS val
44193412 ecr 4692954,nop,wscale 3], length 0
05:48:45.487720 IP 172.0.0.117.55818 > 172.0.0.4.ssh: Flags [.], ack 1, win
229, options [nop,nop,TS val 4692954 ecr 44193412], length 0
05:48:45.488031 IP 172.0.0.117.55818 > 172.0.0.4.ssh: Flags [P.], seq 1:42,
ack 1, win 229, options [nop,nop,TS val 4692954 ecr 44193412], length 41
05:48:45.488678 IP 172.0.0.4.ssh > 172.0.0.117.55818: Flags [.], ack 42,
win 1810, options [nop,nop,TS val 44193412 ecr 4692954], length 0
05:48:45.488933 IP 172.0.0.4.ssh > 172.0.0.117.55818: Flags [P.], seq 1:27,
ack 42, win 1810, options [nop,nop,TS val 44193412 ecr 4692954], length 26
05:48:45.488992 IP 172.0.0.117.55818 > 172.0.0.4.ssh: Flags [.], ack 27,
win 229, options [nop,nop,TS val 4692954 ecr 44193412], length 0
05:48:45.489245 IP 172.0.0.117.55818 > 172.0.0.4.ssh: Flags [.], seq
42:1490, ack 27, win 229, options [nop,nop,TS val 4692954 ecr 44193412],
length 1448
05:48:45.489290 IP 172.0.0.117.55818 > 172.0.0.4.ssh: Flags [P.], seq
1490:2010, ack 27, win 229, options [nop,nop,TS val 4692954 ecr 44193412],
length 520
05:48:45.489847 IP 172.0.0.4.ssh > 172.0.0.117.55818: Flags [P.], seq
27:443, ack 42, win 1810, options [nop,nop,TS val 44193412 ecr 4692954],
length 416
05:48:45.490316 IP 172.0.0.4.ssh > 172.0.0.117.55818: Flags [.], ack 42,
win 1810, options [nop,nop,TS val 44193412 ecr 4692954,nop,nop,sack 1
{1490:2010}], length 0
05:48:45.490386 IP 172.0.0.117.55818 > 172.0.0.4.ssh: Flags [.], seq
42:1490, ack 443, win 237, options [nop,nop,TS val 4692955 ecr 44193412],
length 1448
05:48:45.691646 IP 172.0.0.4.ssh > 172.0.0.117.55818: Flags [P.], seq
27:443, ack 42, win 1810, options [nop,nop,TS val 44193463 ecr
4692954,nop,nop,sack 1 {1490:2010}], length 416
05:48:45.691690 IP 172.0.0.117.55818 > 172.0.0.4.ssh: Flags [.], ack 443,
win 237, options [nop,nop,TS val 4693005 ecr 44193463,nop,nop,sack 1
{27:443}], length 0
05:48:45.694466 IP 172.0.0.117.55818 > 172.0.0.4.ssh: Flags [.], seq
42:1490, ack 443, win 237, options [nop,nop,TS val 4693006 ecr 44193463],
length 1448
05:48:46.102461 IP 172.0.0.117.55818 > 172.0.0.4.ssh: Flags [.], seq
42:1490, ack 443, win 237, options [nop,nop,TS val 4693108 ecr 44193463],
length 1448
05:48:46.918464 IP 172.0.0.117.55818 > 172.0.0.4.ssh: Flags [.], seq
42:1490, ack 443, win 237, options [nop,nop,TS val 4693312 ecr 44193463],
length 1448
05:48:48.554444 IP 172.0.0.117.55818 > 172.0.0.4.ssh: Flags [.], seq
42:1490, ack 443, win 237, options [nop,nop,TS val 4693721 ecr 44193463],
length 1448
05:48:50.502461 ARP, Request who-has 172.0.0.117 tell 172.0.0.2, length 28
05:48:50.502547 ARP, Request who-has 172.0.0.4 tell 172.0.0.117, length 28
05:48:50.502559 ARP, Reply 172.0.0.4 is-at fa:16:3e:b4:4e:6e (oui Unknown),
length 28
05:48:50.502597 ARP, Reply 172.0.0.117 is-at 68:05:ca:0e:6b:b6 (oui
Unknown), length 28
05:48:51.830441 IP 172.0.0.117.55818 > 172.0.0.4.ssh: Flags [.], seq
42:1490, ack 443, win 237, options [nop,nop,TS val 4694540 ecr 44193463],
length 1448
05:48:58.374756 IP 172.0.0.117.55818 > 172.0.0.4.ssh: Flags [.], seq
42:1490, ack 443, win 237, options [nop,nop,TS val 4696176 ecr 44193463],
length 1448
05:49:11.462560 IP 172.0.0.117.55818 > 172.0.0.4.ssh: Flags [.], seq
42:1490, ack 443, win 237, options [nop,nop,TS val 4699448 ecr 44193463],
length 1448
05:49:37.606548 IP 172.0.0.117.55818 > 172.0.0.4.ssh: Flags [.], seq
42:1490, ack 443, win 237, options [nop,nop,TS val 4705984 ecr 44193463],
length 1448
05:49:42.614737 ARP, Request who-has 172.0.0.4 tell 172.0.0.117, length 28
05:49:42.614769 ARP, Reply 172.0.0.4 is-at fa:16:3e:b4:4e:6e (oui Unknown),
length 28
05:50:29.958757 IP 172.0.0.117.55818 > 172.0.0.4.ssh: Flags [.], seq
42:1490, ack 443, win 237, options [nop,nop,TS val 4719072 ecr 44193463],
length 1448
05:50:34.966723 ARP, Request who-has 172.0.0.4 tell 172.0.0.117, length 28
05:50:34.966750 ARP, Reply 172.0.0.4 is-at fa:16:3e:b4:4e:6e (oui Unknown),
length 28
Tcpdump at tap interface connected to instance at compute node .
This tap interface is connected to br-int on compute node .
root at user-ThinkCentre-M73:/home/user# tcpdump -i tapb0373360-21 port 22
tcpdump: WARNING: tapb0373360-21: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on tapb0373360-21, link-type EN10MB (Ethernet), capture size
65535 bytes
05:49:00.295624 IP 172.0.0.117.55818 > 11.0.0.5.ssh: Flags [S], seq
3976398776, win 29200, options [mss 1460,sackOK,TS val 4692954 ecr
0,nop,wscale 7], length 0
05:49:00.295758 IP 11.0.0.5.ssh > 172.0.0.117.55818: Flags [S.], seq
3831484282, ack 3976398777, win 14480, options [mss 1460,sackOK,TS val
44193412 ecr 4692954,nop,wscale 3], length 0
05:49:00.296464 IP 172.0.0.117.55818 > 11.0.0.5.ssh: Flags [.], ack 1, win
229, options [nop,nop,TS val 4692954 ecr 44193412], length 0
05:49:00.296738 IP 172.0.0.117.55818 > 11.0.0.5.ssh: Flags [P.], seq 1:42,
ack 1, win 229, options [nop,nop,TS val 4692954 ecr 44193412], length 41
05:49:00.296798 IP 11.0.0.5.ssh > 172.0.0.117.55818: Flags [.], ack 42, win
1810, options [nop,nop,TS val 44193412 ecr 4692954], length 0
05:49:00.297069 IP 11.0.0.5.ssh > 172.0.0.117.55818: Flags [P.], seq 1:27,
ack 42, win 1810, options [nop,nop,TS val 44193412 ecr 4692954], length 26
05:49:00.297122 IP 11.0.0.5.ssh > 172.0.0.117.55818: Flags [P.], seq
27:443, ack 42, win 1810, options [nop,nop,TS val 44193412 ecr 4692954],
length 416
05:49:00.297717 IP 172.0.0.117.55818 > 11.0.0.5.ssh: Flags [.], ack 27, win
229, options [nop,nop,TS val 4692954 ecr 44193412], length 0
05:49:00.298022 IP 172.0.0.117.55818 > 11.0.0.5.ssh: Flags [P.], seq
1490:2010, ack 27, win 229, options [nop,nop,TS val 4692954 ecr 44193412],
length 520
05:49:00.298073 IP 11.0.0.5.ssh > 172.0.0.117.55818: Flags [.], ack 42, win
1810, options [nop,nop,TS val 44193412 ecr 4692954,nop,nop,sack 1
{1490:2010}], length 0
05:49:00.498896 IP 11.0.0.5.ssh > 172.0.0.117.55818: Flags [P.], seq
27:443, ack 42, win 1810, options [nop,nop,TS val 44193463 ecr
4692954,nop,nop,sack 1 {1490:2010}], length 416
05:49:00.500531 IP 172.0.0.117.55818 > 11.0.0.5.ssh: Flags [.], ack 443,
win 237, options [nop,nop,TS val 4693005 ecr 44193463,nop,nop,sack 1
{27:443}], length 0
Thanks,
Srinivas.
On Fri, Sep 19, 2014 at 3:32 PM, Raghu Vadapalli <rvatspacket at gmail.com>
wrote:
> Just to confirm if iptables are the issue try stopping iptables and see if
> it works and then you can debug further.
> —
> Sent from Mailbox <https://www.dropbox.com/mailbox>
>
>
> On Fri, Sep 19, 2014 at 3:55 AM, Srinivasreddy R <
> srinivasreddy4390 at gmail.com> wrote:
>
>> hi,
>> i had addeed a rule for (ingress, tcp, port 22 and cidr 0.0.0.0/0).
>> still not able to ssh .
>>
>> my instance overview
>> http://paste.openstack.org/show/113170/
>>
>>
>> i pasted my ip tables [ nat, mangle,filter] output ..
>>
>> please let me know i want to add or delete any thing in iptables .
>>
>> http://paste.openstack.org/show/113164/
>>
>>
>> thanks,
>> srinivas.
>>
>>
>>
>> On Fri, Sep 19, 2014 at 12:39 PM, Akilesh K <akilesh1597 at gmail.com>
>> wrote:
>>
>>> The mail from Andreas was correct you need to add a rule for
>>> (ingress, tcp, port 22 and cidr 0.0.0.0/0).
>>>
>>> In case the rule is already there. check the host firewall rules using
>>> iptables -t nat -L
>>> iptables -t mangle -L
>>> iptables -t filter -L
>>>
>>> None of the tables should have any rule.
>>>
>>> On Fri, Sep 19, 2014 at 9:41 AM, Srinivasreddy R <
>>> srinivasreddy4390 at gmail.com> wrote:
>>>
>>>> hi,
>>>> i have checked security group rules .
>>>> my instance is pinging to router and even a device in external network
>>>> .
>>>> mostly my problem may in host's firewall .
>>>> how can i identify which rule is dropping the ssh traffic .?
>>>> how can i confirm that ssh traffic is blocked at firewall .?
>>>> i there any way to see the firewall dropped packets ?
>>>>
>>>> thanks ,
>>>> srinivas.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> On Thu, Sep 18, 2014 at 7:36 PM, Akilesh K <akilesh1597 at gmail.com>
>>>> wrote:
>>>>
>>>>> I believe you have checked the security group rules. Make sure the
>>>>> instance is able to ping the router. If yes the problem lies in your host's
>>>>> firewall rules. Flush the hosts iptable rules(you may take a backup before
>>>>> you do that).
>>>>>
>>>>> On Thu, Sep 18, 2014 at 7:32 PM, Srinivasreddy R <
>>>>> srinivasreddy4390 at gmail.com> wrote:
>>>>>
>>>>>> hi ,
>>>>>> thanks for your reply .
>>>>>>
>>>>>> 1. i have checked ssh server is running in instance ..
>>>>>> ssh from one instance to another is possible using private
>>>>>> network[demo-net] .
>>>>>> 2. checked ssh is running in port 22
>>>>>> 3. telnet <ip> 22 is not working .
>>>>>>
>>>>>>
>>>>>> 4. output when i run ssh using verbose pasted at
>>>>>>
>>>>>> http://paste.openstack.org/show/112860/
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> ==================================
>>>>>> ip tables output
>>>>>>
>>>>>> my internal network for vm is 11.0.0.x and external network is
>>>>>> 172.0.0.x
>>>>>>
>>>>>>
>>>>>> root at user-ThinkCentre-M73:/home/user# ip netns exec
>>>>>> qrouter-f6e00f94-1c6d-4cf5-8cae-319e393240fe iptables -t nat -S
>>>>>> -P PREROUTING ACCEPT
>>>>>> -P INPUT ACCEPT
>>>>>> -P OUTPUT ACCEPT
>>>>>> -P POSTROUTING ACCEPT
>>>>>> -N neutron-l3-agent-OUTPUT
>>>>>> -N neutron-l3-agent-POSTROUTING
>>>>>> -N neutron-l3-agent-PREROUTING
>>>>>> -N neutron-l3-agent-float-snat
>>>>>> -N neutron-l3-agent-snat
>>>>>> -N neutron-postrouting-bottom
>>>>>> -A PREROUTING -j neutron-l3-agent-PREROUTING
>>>>>> -A OUTPUT -j neutron-l3-agent-OUTPUT
>>>>>> -A POSTROUTING -j neutron-l3-agent-POSTROUTING
>>>>>> -A POSTROUTING -j neutron-postrouting-bottom
>>>>>> -A neutron-l3-agent-OUTPUT -d 172.0.0.7/32 -j DNAT --to-destination
>>>>>> 11.0.0.9
>>>>>> -A neutron-l3-agent-OUTPUT -d 172.0.0.3/32 -j DNAT --to-destination
>>>>>> 11.0.0.2
>>>>>> -A neutron-l3-agent-OUTPUT -d 172.0.0.4/32 -j DNAT --to-destination
>>>>>> 11.0.0.5
>>>>>> -A neutron-l3-agent-POSTROUTING ! -i qg-ec80d9fb-82 ! -o
>>>>>> qg-ec80d9fb-82 -m conntrack ! --ctstate DNAT -j ACCEPT
>>>>>> -A neutron-l3-agent-PREROUTING -d 169.254.169.254/32 -p tcp -m tcp
>>>>>> --dport 80 -j REDIRECT --to-ports 9697
>>>>>> -A neutron-l3-agent-PREROUTING -d 172.0.0.7/32 -j DNAT
>>>>>> --to-destination 11.0.0.9
>>>>>> -A neutron-l3-agent-PREROUTING -d 172.0.0.3/32 -j DNAT
>>>>>> --to-destination 11.0.0.2
>>>>>> -A neutron-l3-agent-PREROUTING -d 172.0.0.4/32 -j DNAT
>>>>>> --to-destination 11.0.0.5
>>>>>> -A neutron-l3-agent-float-snat -s 11.0.0.9/32 -j SNAT --to-source
>>>>>> 172.0.0.7
>>>>>> -A neutron-l3-agent-float-snat -s 11.0.0.2/32 -j SNAT --to-source
>>>>>> 172.0.0.3
>>>>>> -A neutron-l3-agent-float-snat -s 11.0.0.5/32 -j SNAT --to-source
>>>>>> 172.0.0.4
>>>>>> -A neutron-l3-agent-snat -j neutron-l3-agent-float-snat
>>>>>> -A neutron-l3-agent-snat -s 11.0.0.0/24 -j SNAT --to-source 172.0.0.2
>>>>>> -A neutron-postrouting-bottom -j neutron-l3-agent-snat
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> =====================
>>>>>> i pasted my dump flows of br-tun at
>>>>>> http://paste.openstack.org/show/112859/
>>>>>>
>>>>>>
>>>>>>
>>>>>> as per the doc
>>>>>> https://openstack.redhat.com/Networking_in_too_much_detail
>>>>>>
>>>>>> br-ex is connected to router , router is connected to br-int , br-int
>>>>>> is connected to bt-tun .
>>>>>>
>>>>>> i have captured at br-int . my ssh request is reaching to br-int but
>>>>>> not going through tunnel .
>>>>>>
>>>>>> please help me .
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> thanks,
>>>>>> srinivas.
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Wed, Sep 17, 2014 at 9:30 PM, Sajith Kariyawasam <sajhak at gmail.com
>>>>>> > wrote:
>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>> Could be due to,
>>>>>>> ssh server is not up and running in your instance,
>>>>>>> or running in a different port rather than port 22,
>>>>>>> or, ssh port access is restricted in openstack key pair
>>>>>>> configuration
>>>>>>>
>>>>>>> You could also try telnet to check the connectivity,
>>>>>>> $ telnet <ip> 22
>>>>>>>
>>>>>>> Thanks,
>>>>>>> Sajith
>>>>>>>
>>>>>>>
>>>>>>> On Wed, Sep 17, 2014 at 8:59 PM, Zoltán Lajos Kis <
>>>>>>> zoltan.lajos.kis at ericsson.com> wrote:
>>>>>>>
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> What’s the output of running ssh with the verbose (-v) flag?
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> BR,
>>>>>>>>
>>>>>>>> Zoltan
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> *From:* Srinivasreddy R [mailto:srinivasreddy4390 at gmail.com]
>>>>>>>> *Sent:* Wednesday, September 17, 2014 5:16 PM
>>>>>>>> *To:* openstack at lists.openstack.org
>>>>>>>> *Subject:* [Openstack] able to ping but not able to ssh to instance
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> hi,
>>>>>>>>
>>>>>>>> i am able to ping my instance form external network .
>>>>>>>>
>>>>>>>> but not able to ssh to the instance .
>>>>>>>>
>>>>>>>> i am using floating ip s for ping,ssh.
>>>>>>>>
>>>>>>>> please help me .
>>>>>>>>
>>>>>>>> thanks,
>>>>>>>> srinivas.
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> Mailing list:
>>>>>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>>>>>>>> Post to : openstack at lists.openstack.org
>>>>>>>> Unsubscribe :
>>>>>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Best Regards
>>>>>>> Sajith
>>>>>>>
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> Mailing list:
>>>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>>>>>> Post to : openstack at lists.openstack.org
>>>>>> Unsubscribe :
>>>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20140919/46ce6419/attachment.html>
More information about the Openstack
mailing list