[Openstack] [Grizzly] Inbound VM traffic fails at compute node
Greg Chavez
greg.chavez at gmail.com
Fri May 3 06:18:25 UTC 2013
A fellow name George clued me into my problem. I had my secgroup rules set
for source 0.0.0.0/24 which is stupid. This is how it should look:
root at kcon-cs-gen-01i:~# nova secgroup-list-rules default
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+-----------+--------------+
| icmp | -1 | -1 | 0.0.0.0/0 | |
| tcp | 22 | 22 | 0.0.0.0/0 | |
+-------------+-----------+---------+-----------+--------------+
Thanks again, George.
On Thu, May 2, 2013 at 6:27 PM, Greg Chavez <greg.chavez at gmail.com> wrote:
>
> I have Grizzly up and running on Ubuntu 13.04, following the excellent
> instructions by Msekni Bilel. I'm using gre tunneling and per-tenant
> routers. It looks something like this:
>
> http://chavezy.files.wordpress.com/2013/03/ostack-log-net_iscsi.png
>
> I was able to get a cirros m1.tiny VM launched easily. But although I've
> associated a floating IP and configured secgroup rules, I am unable to get
> any inbound traffic past the VM bridge.
>
> The internal network is 192.168.252.0/23. The floating IP range is
> 10.21.166.1-254. The guest has IP 192.168.252.3 and is associate to
> 10.21.166.2.
>
> So if I ping 10.21.166.2 from my external network, I can sniff the icmp
> packets all the way to the VM linux bridge on the compute node. I can see
> packets on qvb* but not tap*.
>
> From the VM console I am able to reach the external network. Packet dumps
> show that traffic originates from 10.21.166.2.
>
> Finally, I see no hits on my secgroup rules.
>
> Any advice? I have interesting command output here:
> http://pastebin.com/Cs514mkN
>
> Thanks in advance.
>
> --
> \*..+.-
> --Greg Chavez
> +//..;};
>
--
\*..+.-
--Greg Chavez
+//..;};
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20130503/1fde90e0/attachment.html>
More information about the Openstack
mailing list
