<html><body><div style="color:#000; background-color:#fff; font-family:Helvetica Neue-Light, Helvetica Neue Light, Helvetica Neue, Helvetica, Arial, Lucida Grande, Sans-Serif;font-size:16px"><div>Hi Kyle, <br></div><div><br></div><div dir="ltr">ALL tcp, udp, icmp, ssh rules set using horizon access security link and using manages rules for secirity group. <br></div><div dir="ltr"><br></div><div dir="ltr"><br></div><div dir="ltr">I am able to ssh into the instance. using key pair. <br></div><div dir="ltr"><br></div><div><span></span></div><div> </div><div id="yui_3_16_0_1_1420018451586_11156"><div id="yui_3_16_0_1_1420018451586_11155">
<br>Regards
<br>Neelu</div></div> <div class="qtdSeparateBR"><br><br></div><div style="display: block;" class="yahoo_quoted"> <div style="font-family: Helvetica Neue-Light, Helvetica Neue Light, Helvetica Neue, Helvetica, Arial, Lucida Grande, Sans-Serif; font-size: 16px;"> <div style="font-family: HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, Sans-Serif; font-size: 12px;"> <div dir="ltr"> <font face="Arial" size="2"> On Monday, 29 December 2014 9:23 PM, Kyle R <k.w.ritchie0@gmail.com> wrote:<br> </font> </div> <br><br> <div class="y_msg_container"><div id="yiv0367912820"><div><div dir="ltr">What do your security rules look like for that project/tenant? </div><div class="yiv0367912820gmail_extra"><br clear="none"><div class="yiv0367912820gmail_quote">On Mon, Dec 29, 2014 at 9:51 AM, somshekar kadam <span dir="ltr"><<a rel="nofollow" shape="rect" ymailto="mailto:som_kadam@yahoo.co.in" target="_blank" href="mailto:som_kadam@yahoo.co.in">som_kadam@yahoo.co.in</a>></span> wrote:<br clear="none"><blockquote class="yiv0367912820gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><div class="yiv0367912820yqt3185019611" id="yiv0367912820yqt74947"><div><div style="color:#000;background-color:#fff;font-family:Helvetica Neue-Light, Helvetica Neue Light, Helvetica Neue, Helvetica, Arial, Lucida Grande, Sans-Serif;font-size:16px;"><div dir="ltr"><span>Hello All, <br clear="none"></span></div><div dir="ltr"><br clear="none"><span></span></div><div dir="ltr"><span>I have openstack instance able to ping compute/controller and other hosts in the network. <br clear="none"></span></div><div dir="ltr"><span>Not able to ping <a rel="nofollow" shape="rect" target="_blank" href="http://google.com/">google.com</a> <br clear="none"></span></div><div dir="ltr">My external network is 10.10.126.xx</div><div dir="ltr"><br clear="none"></div><div dir="ltr">able to ping 10.10.126.1 gateway <br clear="none"></div><div dir="ltr"><br clear="none"></div><div dir="ltr">able to ping host controller 10.10.126.62 which also nova compute <br clear="none"></div><div dir="ltr">able to ping other hosts 10.10.126.54 and other machines in network. <br clear="none"></div><div dir="ltr">able to ping br100 and virbr0</div><div dir="ltr"><br clear="none"></div><div dir="ltr">enabled /etc/sysctl.conf to contain the following:
net.ipv4.ip_forward=1</div><div dir="ltr">and also enabled masquerading in the iptables</div><div dir="ltr">iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE</div><div dir="ltr"><br clear="none"></div><div dir="ltr">internal IP of instance is 10.4.128.2 and floating IP assigned is 10.10.126.129 <br clear="none"><span></span></div><div dir="ltr">On instance route command <br clear="none"><span></span></div><div dir="ltr"><span>[root@newtry fedora]# route -n<br clear="none">Kernel IP routing table<br clear="none">Destination Gateway Genmask Flags Metric Ref Use Iface<br clear="none">0.0.0.0 10.4.128.3 0.0.0.0 UG 0 0 0 eth0<br clear="none">10.4.128.0 0.0.0.0 255.255.240.0 U 0 0 0 eth0<br clear="none">[root@newtry fedora]# <br clear="none"></span></div><div dir="ltr"><br clear="none"><span></span></div><div dir="ltr"><span>on the controller machine <br clear="none"></span></div><div dir="ltr"><span>stack@celestial-PC-1:~$ route -n<br clear="none">Kernel IP routing table<br clear="none">Destination Gateway Genmask Flags Metric Ref Use Iface<br clear="none">0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 wlan0<br clear="none">10.4.128.0 0.0.0.0 255.255.240.0 U 0 0 0 br100<br clear="none">10.10.126.0 0.0.0.0 255.255.255.0 U 0 0 0 br100<br clear="none">192.168.1.0 0.0.0.0 255.255.255.0 U 9 0 0 wlan0<br clear="none">192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0<br clear="none">stack@celestial-PC-1:~$ <br clear="none"></span></div><div dir="ltr"><br clear="none"><span></span></div><div dir="ltr"><br clear="none"><span></span></div><div dir="ltr"><br clear="none"><span></span></div><div dir="ltr"><span>on instance <br clear="none"></span></div><div dir="ltr"><span>[root@newtry fedora]# ip addr<br clear="none">1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default <br clear="none"> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00<br clear="none"> inet <a rel="nofollow" shape="rect" target="_blank" onclick="return theMainWindow.showLinkWarning(this)" href="http://127.0.0.1/8">127.0.0.1/8</a> scope host lo<br clear="none"> valid_lft forever preferred_lft forever<br clear="none"> inet6 ::1/128 scope host <br clear="none"> valid_lft forever preferred_lft forever<br clear="none">2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000<br clear="none"> link/ether fa:16:3e:20:e6:e5 brd ff:ff:ff:ff:ff:ff<br clear="none"> inet <a rel="nofollow" shape="rect" target="_blank" onclick="return theMainWindow.showLinkWarning(this)" href="http://10.4.128.2/20">10.4.128.2/20</a> brd 10.4.143.255 scope global eth0<br clear="none"> valid_lft forever preferred_lft forever<br clear="none"> inet6 fe80::f816:3eff:fe20:e6e5/64 scope link <br clear="none"> valid_lft forever preferred_lft forever<br clear="none">[root@newtry fedora]# <br clear="none"></span></div><div dir="ltr"><br clear="none"><span></span></div><div dir="ltr"><span></span></div><div> </div><div><div><div dir="ltr">what is missing not able to ping <a rel="nofollow" shape="rect" target="_blank" href="http://google.com/">google.com</a> from instance <br clear="none"></div><div dir="ltr">please help on this with your valuable suggestions <br clear="none"></div><div dir="ltr"><br clear="none"></div><div dir="ltr">thanks in advance <br clear="none">
</div><div><br clear="none"></div><div><br clear="none"></div>Regards
<br clear="none">Neelu</div></div><div><br clear="none"></div><div><br clear="none"><br clear="none"></div><div style="display:block;"><div style="font-family:Helvetica Neue-Light, Helvetica Neue Light, Helvetica Neue, Helvetica, Arial, Lucida Grande, Sans-Serif;font-size:16px;"><div style="font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, Sans-Serif;font-size:12px;"> </div> </div> </div> </div></div></div><br clear="none">_______________________________________________<br clear="none">
Mailing list: <a rel="nofollow" shape="rect" target="_blank" href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br clear="none">
Post to : <a rel="nofollow" shape="rect" ymailto="mailto:openstack@lists.openstack.org" target="_blank" href="mailto:openstack@lists.openstack.org">openstack@lists.openstack.org</a><br clear="none">
Unsubscribe : <a rel="nofollow" shape="rect" target="_blank" href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br clear="none">
<br clear="none"></blockquote></div><br clear="none"></div></div></div><br><br></div> </div> </div> </div> </div></body></html>