<div dir="ltr">I believe you have checked the security group rules. Make sure the instance is able to ping the router. If yes the problem lies in your host's firewall rules. Flush the hosts iptable rules(you may take a backup before you do that). <br></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Sep 18, 2014 at 7:32 PM, Srinivasreddy R <span dir="ltr"><<a href="mailto:srinivasreddy4390@gmail.com" target="_blank">srinivasreddy4390@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div class="gmail_quote"><div><div><div><div></div>hi ,<br></div>thanks for your reply .<br><br></div><div>1. i have checked ssh server is running in instance ..<br></div><div> ssh from one instance to another is possible using private network[demo-net] .<br></div><div>2. checked ssh is running in port 22<br></div><div>3. telnet <ip> 22 is not working .<br><br><br></div><div>4. output when i run ssh using verbose pasted at <br><br><a href="http://paste.openstack.org/show/112860/" target="_blank">http://paste.openstack.org/show/112860/</a><br><br><br></div> <br><br>==================================<br></div><div>ip tables output <br><br></div><div>my internal network for vm is 11.0.0.x and external network is 172.0.0.x <br><br></div><div><br>root@user-ThinkCentre-M73:/home/user# ip netns exec qrouter-f6e00f94-1c6d-4cf5-8cae-319e393240fe iptables -t nat -S<br>-P PREROUTING ACCEPT<br>-P INPUT ACCEPT<br>-P OUTPUT ACCEPT<br>-P POSTROUTING ACCEPT<br>-N neutron-l3-agent-OUTPUT<br>-N neutron-l3-agent-POSTROUTING<br>-N neutron-l3-agent-PREROUTING<br>-N neutron-l3-agent-float-snat<br>-N neutron-l3-agent-snat<br>-N neutron-postrouting-bottom<br>-A PREROUTING -j neutron-l3-agent-PREROUTING<br>-A OUTPUT -j neutron-l3-agent-OUTPUT<br>-A POSTROUTING -j neutron-l3-agent-POSTROUTING<br>-A POSTROUTING -j neutron-postrouting-bottom<br>-A neutron-l3-agent-OUTPUT -d <a href="http://172.0.0.7/32" target="_blank">172.0.0.7/32</a> -j DNAT --to-destination 11.0.0.9<br>-A neutron-l3-agent-OUTPUT -d <a href="http://172.0.0.3/32" target="_blank">172.0.0.3/32</a> -j DNAT --to-destination 11.0.0.2<br>-A neutron-l3-agent-OUTPUT -d <a href="http://172.0.0.4/32" target="_blank">172.0.0.4/32</a> -j DNAT --to-destination 11.0.0.5<br>-A neutron-l3-agent-POSTROUTING ! -i qg-ec80d9fb-82 ! -o qg-ec80d9fb-82 -m conntrack ! --ctstate DNAT -j ACCEPT<br>-A neutron-l3-agent-PREROUTING -d <a href="http://169.254.169.254/32" target="_blank">169.254.169.254/32</a> -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 9697<br>-A neutron-l3-agent-PREROUTING -d <a href="http://172.0.0.7/32" target="_blank">172.0.0.7/32</a> -j DNAT --to-destination 11.0.0.9<br>-A neutron-l3-agent-PREROUTING -d <a href="http://172.0.0.3/32" target="_blank">172.0.0.3/32</a> -j DNAT --to-destination 11.0.0.2<br>-A neutron-l3-agent-PREROUTING -d <a href="http://172.0.0.4/32" target="_blank">172.0.0.4/32</a> -j DNAT --to-destination 11.0.0.5<br>-A neutron-l3-agent-float-snat -s <a href="http://11.0.0.9/32" target="_blank">11.0.0.9/32</a> -j SNAT --to-source 172.0.0.7<br>-A neutron-l3-agent-float-snat -s <a href="http://11.0.0.2/32" target="_blank">11.0.0.2/32</a> -j SNAT --to-source 172.0.0.3<br>-A neutron-l3-agent-float-snat -s <a href="http://11.0.0.5/32" target="_blank">11.0.0.5/32</a> -j SNAT --to-source 172.0.0.4<br>-A neutron-l3-agent-snat -j neutron-l3-agent-float-snat<br>-A neutron-l3-agent-snat -s <a href="http://11.0.0.0/24" target="_blank">11.0.0.0/24</a> -j SNAT --to-source 172.0.0.2<br>-A neutron-postrouting-bottom -j neutron-l3-agent-snat<br><br><br><br><br>=====================<br></div><div>i pasted my dump flows of br-tun at <br><a href="http://paste.openstack.org/show/112859/" target="_blank">http://paste.openstack.org/show/112859/</a><br></div><div><br><br><br></div><div>as per the doc<br> <a href="https://openstack.redhat.com/Networking_in_too_much_detail" target="_blank">https://openstack.redhat.com/Networking_in_too_much_detail</a><br></div><div><br></div><div>br-ex is connected to router , router is connected to br-int , br-int is connected to bt-tun .<br><br></div><div>i have captured at br-int . my ssh request is reaching to br-int but not going through tunnel .<br><br></div><span class=""><div>please help me .<br><br></div><div><br><br><br></div>thanks,<br>srinivas.<br><br></span><div><div class="h5"><div><div><div><div><br><br><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Sep 17, 2014 at 9:30 PM, Sajith Kariyawasam <span dir="ltr"><<a href="mailto:sajhak@gmail.com" target="_blank">sajhak@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Hi,<div><br></div><div>Could be due to,</div><div> ssh server is not up and running in your instance,</div><div> or running in a different port rather than port 22,</div><div> or, ssh port access is restricted in openstack key pair configuration</div><div><br></div><div>You could also try telnet to check the connectivity, </div><div>$ telnet <ip> 22</div><div><br></div><div>Thanks,</div><div>Sajith</div><div> </div></div><div class="gmail_extra"><br><div class="gmail_quote"><div><div>On Wed, Sep 17, 2014 at 8:59 PM, Zoltán Lajos Kis <span dir="ltr"><<a href="mailto:zoltan.lajos.kis@ericsson.com" target="_blank">zoltan.lajos.kis@ericsson.com</a>></span> wrote:<br></div></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div><div>
<div lang="EN-US">
<div>
<p class="MsoNormal"><span style="font-size:11pt;font-family:"Calibri","sans-serif";color:rgb(31,73,125)">Hi,</span></p>
<p class="MsoNormal"><span style="font-size:11pt;font-family:"Calibri","sans-serif";color:rgb(31,73,125)"> </span></p>
<p class="MsoNormal"><span style="font-size:11pt;font-family:"Calibri","sans-serif";color:rgb(31,73,125)">What’s the output of running ssh with the verbose (-v) flag?</span></p>
<p class="MsoNormal"><span style="font-size:11pt;font-family:"Calibri","sans-serif";color:rgb(31,73,125)"> </span></p>
<p class="MsoNormal"><span style="font-size:11pt;font-family:"Calibri","sans-serif";color:rgb(31,73,125)">BR,</span></p>
<p class="MsoNormal"><span style="font-size:11pt;font-family:"Calibri","sans-serif";color:rgb(31,73,125)">Zoltan</span></p>
<p class="MsoNormal"><span style="font-size:11pt;font-family:"Calibri","sans-serif";color:rgb(31,73,125)"> </span></p>
<div style="border-width:medium medium medium 1.5pt;border-style:none none none solid;border-color:-moz-use-text-color -moz-use-text-color -moz-use-text-color blue;padding:0in 0in 0in 4pt">
<div>
<div style="border-width:1pt medium medium;border-style:solid none none;border-color:rgb(181,196,223) -moz-use-text-color -moz-use-text-color;padding:3pt 0in 0in">
<p class="MsoNormal"><b><span style="font-size:10pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10pt;font-family:"Tahoma","sans-serif""> Srinivasreddy R [mailto:<a href="mailto:srinivasreddy4390@gmail.com" target="_blank">srinivasreddy4390@gmail.com</a>]
<br>
<b>Sent:</b> Wednesday, September 17, 2014 5:16 PM<br>
<b>To:</b> <a href="mailto:openstack@lists.openstack.org" target="_blank">openstack@lists.openstack.org</a><br>
<b>Subject:</b> [Openstack] able to ping but not able to ssh to instance</span></p>
</div>
</div><div><div>
<p class="MsoNormal"> </p>
<div>
<div>
<div>
<div>
<div>
<p class="MsoNormal">hi,</p>
</div>
<p class="MsoNormal">i am able to ping my instance form external network . </p>
</div>
<p class="MsoNormal">but not able to ssh to the instance . </p>
</div>
<p class="MsoNormal">i am using floating ip s for ping,ssh.</p>
</div>
<p class="MsoNormal" style="margin-bottom:12pt">please help me .<br>
<br>
thanks,<br>
srinivas.</p>
</div>
</div></div></div>
</div>
</div>
<br></div></div><span>_______________________________________________<br>
Mailing list: <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br>
Post to : <a href="mailto:openstack@lists.openstack.org" target="_blank">openstack@lists.openstack.org</a><br>
Unsubscribe : <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br>
<br></span></blockquote></div><span><font color="#888888"><br><br clear="all"><div><br></div>-- <br>Best Regards<div>Sajith</div>
</font></span></div>
</blockquote></div><br></div></div></div></div></div></div></div></div></div>
<br>_______________________________________________<br>
Mailing list: <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br>
Post to : <a href="mailto:openstack@lists.openstack.org">openstack@lists.openstack.org</a><br>
Unsubscribe : <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br>
<br></blockquote></div><br></div>