[Openstack-operators] Double NAT in neutron ?

Dan Sneddon dsneddon at redhat.com
Wed Oct 28 03:21:04 UTC 2015


If you have a NAT server that translates public IPs to private IPs, then it is
always going to get the inbound traffic to the public IP.

So, even if the public IPs are routable on the local network (are you sure they
are?), you wouldn't be able to use those public IPs as long as the NAT server is
listening for inbound traffic to those IPs. You might send traffic out, but the
return traffic is going to go to the NAT server and not your VM.

None of this has anything to do with OpenStack or private IPs; you just have
local routing issues.

-Dan Sneddon

----- Original Message -----
> Dear All,
> 
> We get a pool of Public IPs which statically map to private IP addresses. If
> I assign any one of those private IP addresses to a physical interface it is
> reachable from the internet.
> 
> In neutron setup I created the external network using the range of those
> private IP addresses and associated them as Floating IPs to the instances.
> 
> When I ping/connect using the floating IPs (range from private IPs) it works,
> but when I use the assigned public IP it cannot ping/connect.
> 
> 
> Our setup:
> internet -> public ip -> natted-private-ip ->neutron-internal-ip->instance
> | | 
> | | 
> -- Natted (floating ips) --
> 
> Typical setup:
> internet -> public ip -> neutron-internal-ip->instance
> | | 
> | | 
> -- Natted (floating ips) --
> 
> Any hint?
> 
> --
> 
> Regards
> 
> Zeeshan Ali Shah
> System Administrator - PDC HPC
> PhD researcher (IT security)
> Kungliga Tekniska Hogskolan
> +46 8 790 9115
> http://www.pdc.kth.se/members/zashah
> 