openstack team mailing list archive

Private instances can't access Internet

Hi Everyone. I just completed the steps in the OpenStack Compute Starter
Guide to get OpenStack up and running on my server, and everything is
working wonderfully except that my private instances cannot access the
public Internet.

I have configured the physical server on which OpenStack is running to
access the public Internet over eth0. I have also set up an internal
network on eth1 with a bridge so the instances, which all have fixed
private IP addresses (e.g. 192.168.4.x), should be able to ping the public
Internet through this bridge. However, this isn't working, and I'm hoping
you can help explain what I'm doing wrong.

I have already tried to set up IP forwarding by following the instructions
at https://lists.launchpad.net/openstack/msg15559.html, but this did not
help.

Here is my /etc/network/interfaces:

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
  address 10.0.1.130
  netmask 255.255.0.0
  broadcast 10.0.1.255
  gateway 10.0.0.1
  dns-nameservers 8.8.8.8

auto eth1
iface eth1 inet static
  address 192.168.3.1
  netmask 255.255.255.0
  network 192.168.3.0
  broadcast 192.168.3.255


And here is my /etc/nova/nova.conf:

--dhcpbridge_flagfile=/etc/nova/nova.conf
--dhcpbridge=/usr/bin/nova-dhcpbridge
--logdir=/var/log/nova
--state_path=/var/lib/nova
--lock_path=/var/lock/nova
--allow_admin_api=true
--use_deprecated_auth=false
--auth_strategy=keystone
--scheduler_driver=nova.scheduler.simple.SimpleScheduler
--s3_host=10.0.1.130
--ec2_host=10.0.1.130
--rabbit_host=10.0.1.130
--cc_host=10.0.1.130
--nova_url=http://10.0.1.130:8774/v1.1/
--routing_source_ip=10.0.1.130
--glance_api_servers=10.0.1.130:9292
--image_service=nova.image.glance.GlanceImageService
--iscsi_ip_prefix=192.168.4
--sql_connection=mysql://novadbadmin:novasecret@10.0.1.130/nova
--ec2_url=http://10.0.1.130:8773/services/Cloud
--keystone_ec2_url=http://10.0.1.130:5000/v2.0/ec2tokens
--api_paste_config=/etc/nova/api-paste.ini
--libvirt_type=kvm
--libvirt_use_virtio_for_bridges=true
--start_guests_on_host_boot=true
--resume_guests_state_on_host_boot=true
# vnc specific configuration
--novnc_enabled=true
--novncproxy_base_url=http://10.0.1.130:6080/vnc_auto.html
--vncserver_proxyclient_address=10.0.1.130
--vncserver_listen=10.0.1.130
# network specific settings
--network_manager=nova.network.manager.FlatDHCPManager
--public_interface=eth0
--flat_interface=eth1
--flat_network_bridge=br100
--fixed_range=192.168.4.1/27
#--floating_range=10.10.10.2/27
--network_size=32
--flat_network_dhcp_start=192.168.4.33
--flat_injected=False
--force_dhcp_release
--iscsi_helper=tgtadm
--connection_type=libvirt
--root_helper=sudo nova-rootwrap
--verbose


Lastly, here is the command I used to create the network:

sudo nova-manage network create private \
  --fixed_range_v4=192.168.4.32/27 --num_networks=1 --bridge=br100 \
  --bridge_interface=eth1 --network_size=32


You can see that I'm not using a floating IP range. My instances are able
to access the public Internet if I change my configuration to use a
floating range, but I prefer to find a solution that allows me to assign an
internal IP to my instances and use the specified bridge to contact the
outside world.

Any help is appreciated, and many thanks in advance.
- Jason
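
An added check, not part of the original post, that runs the address values posted above through Python's ipaddress module and reports where the stated netmask, broadcast and range values disagree arithmetically. It does not test connectivity or establish the cause of the problem; the function names are illustrative.

```python
import ipaddress

# Values copied from the post above: (address, netmask, stated broadcast).
INTERFACES = {
    "eth0": ("10.0.1.130", "255.255.0.0", "10.0.1.255"),
    "eth1": ("192.168.3.1", "255.255.255.0", "192.168.3.255"),
}
NOVA_FIXED_RANGE = "192.168.4.1/27"   # --fixed_range in nova.conf
CREATED_NETWORK = "192.168.4.32/27"   # --fixed_range_v4 given to nova-manage
DHCP_START = "192.168.4.33"           # --flat_network_dhcp_start in nova.conf


def check_interface(name, address, netmask, broadcast):
    """Return a finding if the stated broadcast disagrees with address/netmask."""
    iface = ipaddress.ip_interface(f"{address}/{netmask}")
    expected = iface.network.broadcast_address
    if ipaddress.ip_address(broadcast) != expected:
        return f"{name}: broadcast {broadcast} stated, {expected} computed"
    return None


def check_ranges(fixed_range, created, dhcp_start):
    """Compare the nova.conf range, the created network and the DHCP start."""
    findings = []
    try:
        fixed = ipaddress.ip_network(fixed_range)  # strict: rejects host bits
    except ValueError:
        fixed = ipaddress.ip_network(fixed_range, strict=False)
        findings.append(f"fixed_range {fixed_range} has host bits set; network is {fixed}")
    net = ipaddress.ip_network(created)
    if not net.subnet_of(fixed):
        findings.append(f"created network {net} is not inside fixed_range {fixed}")
    start = ipaddress.ip_address(dhcp_start)
    for label, rng in (("fixed_range", fixed), ("created network", net)):
        if start not in rng:
            findings.append(f"dhcp start {start} is outside {label} {rng}")
    return findings


def audit():
    """Run every check against the posted values and collect the findings."""
    findings = [f for n, v in INTERFACES.items() if (f := check_interface(n, *v))]
    return findings + check_ranges(NOVA_FIXED_RANGE, CREATED_NETWORK, DHCP_START)


if __name__ == "__main__":
    for line in audit():
        print(line)
```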