<div dir="ltr">I guess the, masquerade should be on br100<div><br></div><div>Regards,</div><div>yatin</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Dec 29, 2014 at 9:23 PM, Kyle R <span dir="ltr"><<a href="mailto:k.w.ritchie0@gmail.com" target="_blank">k.w.ritchie0@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">What do your security rules look like for that project/tenant? </div><div class="gmail_extra"><br><div class="gmail_quote"><div><div class="h5">On Mon, Dec 29, 2014 at 9:51 AM, somshekar kadam <span dir="ltr"><<a href="mailto:som_kadam@yahoo.co.in" target="_blank">som_kadam@yahoo.co.in</a>></span> wrote:<br></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="h5"><div><div style="color:#000;background-color:#fff;font-family:Helvetica Neue-Light,Helvetica Neue Light,Helvetica Neue,Helvetica,Arial,Lucida Grande,Sans-Serif;font-size:16px"><div dir="ltr"><span>Hello All, <br></span></div><div dir="ltr"><br><span></span></div><div dir="ltr"><span>I have openstack instance able to ping compute/controller and other hosts in the network. <br></span></div><div dir="ltr"><span>Not able to ping <a href="http://google.com" target="_blank">google.com</a> <br></span></div><div dir="ltr">My external network is 10.10.126.xx</div><div dir="ltr"><br></div><div dir="ltr">able to ping 10.10.126.1 gateway <br></div><div dir="ltr"><br></div><div dir="ltr">able to ping host controller 10.10.126.62 which also nova compute <br></div><div dir="ltr">able to ping other hosts 10.10.126.54 and other machines in network. <br></div><div dir="ltr">able to ping br100 and virbr0</div><div dir="ltr"><br></div><div dir="ltr">enabled /etc/sysctl.conf to contain the following:
net.ipv4.ip_forward=1</div><div dir="ltr">and also enabled masquerading in the iptables</div><div dir="ltr">iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE</div><div dir="ltr"><br></div><div dir="ltr">internal IP of instance is 10.4.128.2 and floating IP assigned is 10.10.126.129 <br><span></span></div><div dir="ltr">On instance route command <br><span></span></div><div dir="ltr"><span>[root@newtry fedora]# route -n<br>Kernel IP routing table<br>Destination Gateway Genmask Flags Metric Ref Use Iface<br>0.0.0.0 10.4.128.3 0.0.0.0 UG 0 0 0 eth0<br>10.4.128.0 0.0.0.0 255.255.240.0 U 0 0 0 eth0<br>[root@newtry fedora]# <br></span></div><div dir="ltr"><br><span></span></div><div dir="ltr"><span>on the controller machine <br></span></div><div dir="ltr"><span>stack@celestial-PC-1:~$ route -n<br>Kernel IP routing table<br>Destination Gateway Genmask Flags Metric Ref Use Iface<br>0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 wlan0<br>10.4.128.0 0.0.0.0 255.255.240.0 U 0 0 0 br100<br>10.10.126.0 0.0.0.0 255.255.255.0 U 0 0 0 br100<br>192.168.1.0 0.0.0.0 255.255.255.0 U 9 0 0 wlan0<br>192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0<br>stack@celestial-PC-1:~$ <br></span></div><div dir="ltr"><br><span></span></div><div dir="ltr"><br><span></span></div><div dir="ltr"><br><span></span></div><div dir="ltr"><span>on instance <br></span></div><div dir="ltr"><span>[root@newtry fedora]# ip addr<br>1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default <br> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00<br> inet <a href="http://127.0.0.1/8" target="_blank">127.0.0.1/8</a> scope host lo<br> valid_lft forever preferred_lft forever<br> inet6 ::1/128 scope host <br> valid_lft forever preferred_lft forever<br>2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000<br> link/ether fa:16:3e:20:e6:e5 brd ff:ff:ff:ff:ff:ff<br> inet <a href="http://10.4.128.2/20" target="_blank">10.4.128.2/20</a> brd 10.4.143.255 scope global eth0<br> valid_lft forever preferred_lft forever<br> inet6 fe80::f816:3eff:fe20:e6e5/64 scope link <br> valid_lft forever preferred_lft forever<br>[root@newtry fedora]# <br></span></div><div dir="ltr"><br><span></span></div><div dir="ltr"><span></span></div><div> </div><div><div><div dir="ltr">what is missing not able to ping <a href="http://google.com" target="_blank">google.com</a> from instance <br></div><div dir="ltr">please help on this with your valuable suggestions <br></div><div dir="ltr"><br></div><div dir="ltr">thanks in advance <br>
</div><div><br></div><div><br></div>Regards
<br>Neelu</div></div><div><br></div><div><br><br></div><div style="display:block"><div style="font-family:Helvetica Neue-Light,Helvetica Neue Light,Helvetica Neue,Helvetica,Arial,Lucida Grande,Sans-Serif;font-size:16px"><div style="font-family:HelveticaNeue,Helvetica Neue,Helvetica,Arial,Lucida Grande,Sans-Serif;font-size:12px"> </div> </div> </div> </div></div><br></div></div>_______________________________________________<br>
Mailing list: <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br>
Post to : <a href="mailto:openstack@lists.openstack.org" target="_blank">openstack@lists.openstack.org</a><br>
Unsubscribe : <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br>
<br></blockquote></div><br></div>
<br>_______________________________________________<br>
Mailing list: <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br>
Post to : <a href="mailto:openstack@lists.openstack.org">openstack@lists.openstack.org</a><br>
Unsubscribe : <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br>
<br></blockquote></div><br></div>