<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">no idea?<br>
<br>
<br>
<br>
<br>
On 30/04/2013 02:15, Michaël Van de Borne wrote:<br>
</div>
<blockquote cite="mid:517F0D3E.5060809@cetic.be" type="cite">
Hi there,<br>
I'm running Grizzly on Ubuntu 12.04 in this topology:
<a moz-do-not-send="true"
href="http://docs.openstack.org/trunk/openstack-network/admin/content/connectivity.html">http://docs.openstack.org/trunk/openstack-network/admin/content/connectivity.html</a><br>
and using the per-tenant routers with private networks.<br>
<br>
I just found out that my VMs (except just one) can't access
the internet if I associate a floating IP with them.<br>
As soon as I disassociate the floating IP, the VM can ping 8.8.8.8<br>
<br>
Has anyone experienced this?<br>
<br>
Here is the iptables-save of the virtual router (configured thanks
to the l3 agent):<br>
(the VMs' floating IPs are 192.168.202.X. The weirdest thing
is that only the VM using the 192.168.202.4 floating IP can access
the internet).<br>
thanks for your help...<br>
<br>
<br>
root@rajesh:~# ip netns exec
qrouter-e75c9ae7-c814-42c3-bd9e-9002c025aa95 iptables-save<br>
# Generated by iptables-save v1.4.12 on Tue Apr 30 01:52:01 2013<br>
*mangle<br>
:PREROUTING ACCEPT [103801:72619178]<br>
:INPUT ACCEPT [29779:8190400]<br>
:FORWARD ACCEPT [73997:64361803]<br>
:OUTPUT ACCEPT [3336:330688]<br>
:POSTROUTING ACCEPT [77333:64692491]<br>
COMMIT<br>
# Completed on Tue Apr 30 01:52:01 2013<br>
# Generated by iptables-save v1.4.12 on Tue Apr 30 01:52:01 2013<br>
*nat<br>
:PREROUTING ACCEPT [1:84]<br>
:INPUT ACCEPT [0:0]<br>
:OUTPUT ACCEPT [0:0]<br>
:POSTROUTING ACCEPT [0:0]<br>
:quantum-l3-agent-OUTPUT - [0:0]<br>
:quantum-l3-agent-POSTROUTING - [0:0]<br>
:quantum-l3-agent-PREROUTING - [0:0]<br>
:quantum-l3-agent-float-snat - [0:0]<br>
:quantum-l3-agent-snat - [0:0]<br>
:quantum-postrouting-bottom - [0:0]<br>
-A PREROUTING -j quantum-l3-agent-PREROUTING<br>
-A OUTPUT -j quantum-l3-agent-OUTPUT<br>
-A POSTROUTING -j quantum-l3-agent-POSTROUTING<br>
-A POSTROUTING -j quantum-postrouting-bottom<br>
-A quantum-l3-agent-OUTPUT -d 192.168.202.4/32 -j DNAT
--to-destination 10.0.0.4<br>
-A quantum-l3-agent-OUTPUT -d 192.168.202.3/32 -j DNAT
--to-destination 10.0.0.2<br>
-A quantum-l3-agent-OUTPUT -d 192.168.202.6/32 -j DNAT
--to-destination 10.0.0.5<br>
-A quantum-l3-agent-POSTROUTING ! -i qg-53c422b7-8a ! -o
qg-53c422b7-8a -m conntrack ! --ctstate DNAT -j ACCEPT<br>
-A quantum-l3-agent-PREROUTING -d 169.254.169.254/32 -p tcp -m tcp
--dport 80 -j REDIRECT --to-ports 9697<br>
-A quantum-l3-agent-PREROUTING -d 192.168.202.4/32 -j DNAT
--to-destination 10.0.0.4<br>
-A quantum-l3-agent-PREROUTING -d 192.168.202.3/32 -j DNAT
--to-destination 10.0.0.2<br>
-A quantum-l3-agent-PREROUTING -d 192.168.202.6/32 -j DNAT
--to-destination 10.0.0.5<br>
-A quantum-l3-agent-float-snat -s 10.0.0.4/32 -j SNAT --to-source
192.168.202.4<br>
-A quantum-l3-agent-float-snat -s 10.0.0.2/32 -j SNAT --to-source
192.168.202.3<br>
-A quantum-l3-agent-float-snat -s 10.0.0.5/32 -j SNAT --to-source
192.168.202.6<br>
-A quantum-l3-agent-snat -j quantum-l3-agent-float-snat<br>
-A quantum-l3-agent-snat -s 10.0.0.0/24 -j SNAT --to-source
192.168.202.2<br>
-A quantum-postrouting-bottom -j quantum-l3-agent-snat<br>
COMMIT<br>
# Completed on Tue Apr 30 01:52:01 2013<br>
# Generated by iptables-save v1.4.12 on Tue Apr 30 01:52:01 2013<br>
*filter<br>
:INPUT ACCEPT [0:0]<br>
:FORWARD ACCEPT [23:2028]<br>
:OUTPUT ACCEPT [0:0]<br>
:quantum-filter-top - [0:0]<br>
:quantum-l3-agent-FORWARD - [0:0]<br>
:quantum-l3-agent-INPUT - [0:0]<br>
:quantum-l3-agent-OUTPUT - [0:0]<br>
:quantum-l3-agent-local - [0:0]<br>
-A INPUT -j quantum-l3-agent-INPUT<br>
-A FORWARD -j quantum-filter-top<br>
-A FORWARD -j quantum-l3-agent-FORWARD<br>
-A OUTPUT -j quantum-filter-top<br>
-A OUTPUT -j quantum-l3-agent-OUTPUT<br>
-A quantum-filter-top -j quantum-l3-agent-local<br>
-A quantum-l3-agent-INPUT -d 127.0.0.1/32 -p tcp -m tcp --dport
9697 -j ACCEPT<br>
COMMIT<br>
# Completed on Tue Apr 30 01:52:01 2013<br>
<br>
<br>
michaël<br>
<br>
<pre class="moz-signature" cols="72">--
Michaël Van de Borne
R&amp;D Engineer, SOA team, CETIC
Phone: +32 (0)71 49 07 45 Mobile: +32 (0)472 69 57 16, Skype: mikemowgli
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="http://www.cetic.be">www.cetic.be</a>, rue des Frères Wright, 29/3, B-6041 Charleroi
</pre>
<br>
<pre wrap="">_______________________________________________
Mailing list: <a class="moz-txt-link-freetext" href="https://launchpad.net/~openstack">https://launchpad.net/~openstack</a>
Post to : <a class="moz-txt-link-abbreviated" href="mailto:openstack@lists.launchpad.net">openstack@lists.launchpad.net</a>
Unsubscribe : <a class="moz-txt-link-freetext" href="https://launchpad.net/~openstack">https://launchpad.net/~openstack</a>
More help : <a class="moz-txt-link-freetext" href="https://help.launchpad.net/ListHelp">https://help.launchpad.net/ListHelp</a>
</pre>
</blockquote>
<br>
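<div>One check that can be run against the dump quoted above, as an added example that is not part of the original thread: it parses the nat rules and verifies that each floating IP's DNAT target is translated back to the same floating IP by the first matching SNAT rule on the way out. The function names (parse_chains, snat_source, audit) are hypothetical, and the parser assumes the simple one-argument, non-negated options found in the sample.</div>

```python
import ipaddress

# Constructed sample: nat-table rules copied from the post, with the mail
# client's line wrapping undone. Only the rules the audit needs are kept.
NAT_RULES = """\
-A quantum-l3-agent-PREROUTING -d 169.254.169.254/32 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 9697
-A quantum-l3-agent-PREROUTING -d 192.168.202.4/32 -j DNAT --to-destination 10.0.0.4
-A quantum-l3-agent-PREROUTING -d 192.168.202.3/32 -j DNAT --to-destination 10.0.0.2
-A quantum-l3-agent-PREROUTING -d 192.168.202.6/32 -j DNAT --to-destination 10.0.0.5
-A quantum-l3-agent-float-snat -s 10.0.0.4/32 -j SNAT --to-source 192.168.202.4
-A quantum-l3-agent-float-snat -s 10.0.0.2/32 -j SNAT --to-source 192.168.202.3
-A quantum-l3-agent-float-snat -s 10.0.0.5/32 -j SNAT --to-source 192.168.202.6
-A quantum-l3-agent-snat -j quantum-l3-agent-float-snat
-A quantum-l3-agent-snat -s 10.0.0.0/24 -j SNAT --to-source 192.168.202.2
-A quantum-postrouting-bottom -j quantum-l3-agent-snat
"""

def parse_chains(text):
    """Group '-A' rules by chain; each rule becomes an option -> argument dict."""
    chains = {}
    for line in text.splitlines():
        tok = line.split()
        if len(tok) >= 4 and tok[0] == "-A":
            # Assumption: every option takes one argument and none is negated,
            # which holds for the sample above but not for iptables in general.
            chains.setdefault(tok[1], []).append(dict(zip(tok[2::2], tok[3::2])))
    return chains

def snat_source(chains, fixed_ip, chain="quantum-postrouting-bottom"):
    """Walk the SNAT chains in rule order; return the source address applied."""
    addr = ipaddress.ip_address(fixed_ip)
    for rule in chains.get(chain, []):
        if "-s" in rule and addr not in ipaddress.ip_network(rule["-s"]):
            continue
        if rule["-j"] == "SNAT":
            return rule["--to-source"]  # first matching SNAT wins
        hit = snat_source(chains, fixed_ip, rule["-j"])  # jump to a user chain
        if hit:
            return hit
    return None

def audit(chains):
    """Map each floating IP to (fixed IP, True if egress SNAT restores it)."""
    report = {}
    for rule in chains.get("quantum-l3-agent-PREROUTING", []):
        if rule.get("-j") == "DNAT":
            floating, fixed = rule["-d"].split("/")[0], rule["--to-destination"]
            report[floating] = (fixed, snat_source(chains, fixed) == floating)
    return report
```

<div>On the rules quoted in the post, all three floating IPs come back symmetric, and a fixed IP without a floating IP falls through to the subnet-wide SNAT to 192.168.202.2.</div>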
</body>
</html>