[Openstack] instance's provider network ip can not be accessed from outside.

Jorge Luiz Correa correajl at gmail.com
Tue Dec 13 09:43:13 UTC 2016


Hum, have you checked the security group rules? By default, all traffic can
go out from VMs, but we need to create some rules to pass traffic from
outside to VMs.

I'm just making a bet. Maybe this iptables rule is the rule that drop the
packets when there is no rule do pass them from outside to inside.

:)

- JLC

On Tue, Dec 13, 2016 at 6:55 AM, walterxj <walterxj at gmail.com> wrote:

> Hi,
>
> I'm following the guide of newton with CentOS7 (http://docs.openstack.org/
> newton/install-guide-rdo/neutron.html) ,everything seems OK but when I
> ping the vm's ip (in provider network) from node(assume nodeA) on the
> provider physical network ,it returns unreachable.But nodeA can reach the
> provider network's dhcp and gateway ip. Also the vm can reach dhcp and
> gateway and nodeA's IP.
> After a long time research I found that the problem resulted in the
> compute-node's iptables:
> there is an iptables chain for each bridge,just like: -A
> neutron-linuxbri-i7f605f37-f -m comment --comment "Send unmatched traffic
> to the fallback chain." -j neutron-linuxbri-sg-fallback,when I delete
> this chain,the vm's provider network ip can be reached! Everything works
> well.Is this a bug or I have misconfigured something? Any advice is
> appreciated !
>
> ------------------------------
> walterxj
>
> _______________________________________________
> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/
> openstack
> Post to     : openstack at lists.openstack.org
> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/
> openstack
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20161213/980ddacb/attachment.html>


More information about the Openstack mailing list