[openstack-dev] [devstack][neutron] How to give nested VM access to outside network?
Andreas Scheuring
scheuran at linux.vnet.ibm.com
Tue Aug 4 07:44:40 UTC 2015
Can you try answer 1 of [1]?
I've never tried it, but I heard from folks who configured it like that.
With this masquerading, your vm should be able to reach your 192.x
network. But as it's NAT it won't work the other way round (e.g.
establish a connection from outside into your vm)
The proper way would be to configure your provider network to match the
192.x subnet. In addition you would need to plug your 192.x interface
(eth0)? into the ovs br-ex. But be careful! This steps breaks
connectivity via this interface. So be sure that you're logged in via
another interface or via some vnc session.
If you have further questions regarding provider networks, feel free to
ask again!
[1]
https://ask.openstack.org/en/question/44266/connect-vm-in-devstack-to-external-network/
On Mo, 2015-08-03 at 22:07 -0600, Rich Megginson wrote:
> I'm running devstack in a VM (Fedora 21 host, EL 7.1.x VM) with a static
> IP address (because dhcp was not working):
>
> cat > /etc/sysconfig/network-scripts/ifcfg-eth0 <<EOF
> DEVICE="eth0"
> BOOTPROTO="static"
> DHCPCLASS=
> HWADDR=$VM_MAC
> IPADDR=192.168.122.5
> NETMASK=255.255.255.0
> GATEWAY=192.168.122.1
> ONBOOT=yes
> NM_CONTROLLED=no
> TYPE="Ethernet"
> USERCTL="yes"
> PEERDNS="yes"
> DNS1="192.168.122.1"
> IPV6INIT="no"
> EOF
>
> with Neutron networking enabled and Nova networking disabled:
>
> [[local|localrc]]
> IP_VERSION=4
> ENABLED_SERVICES=g-api,g-reg,key,n-api,n-cpu,n-sch,n-cond,n-crt,n-novnc,mysql,rabbit,dstat,quantum,q-svc,q-agt,q-dhcp,q-l3,q-meta
> SERVICE_HOST=127.0.0.1
> NETWORK_GATEWAY=10.0.0.1
> PUBLIC_NETWORK_GATEWAY=172.24.4.1
> ...
>
> I've followed this some, but I don't want to use the provider network:
> http://docs.openstack.org/developer/devstack/guides/neutron.html
>
> I've hacked the floating_ips exercise to use neutron networking commands:
>
> http://ur1.ca/ncjm6
>
> I can ssh into the nested VM, I can assign it a floating IP.
>
> However, it cannot see the outside world. From it, I can ping the
> 10.0.0.1 network and the 172.24.4.1 network, and even 192.168.122.5, but
> not 192.168.122.1 or anything outside of the VM.
>
> route looks like this: http://ur1.ca/ncjog
>
> ip addr looks like this: http://ur1.ca/ncjop
>
> Here is the entire output of stack.sh:
> https://rmeggins.fedorapeople.org/stack.out
>
> Here is the entire output of the exercise:
> https://rmeggins.fedorapeople.org/exercise.out
>
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
--
Andreas
(IRC: scheuran)
More information about the OpenStack-dev
mailing list