
openstack team mailing list archive

Re: Can't ping vm to google

 

This appears to be fixed with 

iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE

so basically set up nat on the outbound interface. I guess nova-network
doesn't set this up? 

You will need to have net.ipv4.ip_forward = 1 in /etc/sysctl.conf too.
There also need to be FORWARD entries, and nova-network sets these up.

Chain nova-network-FORWARD (1 references)
 pkts bytes target     prot opt in     out     source               destination
   36  2880 ACCEPT     all  --  demonetbr0 *       0.0.0.0/0            0.0.0.0/0
    4   336 ACCEPT     all  --  *      demonetbr0  0.0.0.0/0            0.0.0.0/0



On Fri, 2012-09-28 at 09:27 -0400, Jon Thomas wrote:
> Thanks for the feedback and info. No fix yet, but using tcpdump -nnvvXS
> -i wlan0 icmp on the control node, it would appear that the outbound
> interface is showing ICMP echo request, but no replies. I see replies
> when I ping from the control host. 
> 
> I could be completely wrong, but my guess is dns works because of
> dnsmasq. So it's a case where dnsmasq listens on the bridge, gets dns
> req, forwards the req on the outbound interface, gets reply and then
> sends reply out the bridge interface to VM. 
> 
> I saw this problem before and somehow it fixed itself. I've since
> upgraded to Folsom and I'm back to having the original problem.
> 
> On Fri, 2012-09-28 at 09:50 -0300, Gui Maluf wrote:
> > Jon, I was facing a similar problem, the only difference was I had 2
> > NICs. I've tried many things to figure out what was happening, but I
> > found nothing.
> > What I did to fix it was use a
> > multi_host [https://lists.launchpad.net/openstack/msg16656.html]
> > setup; then all VMs were able to access the internet.
> > I think an important piece of information is the iptables NAT table.
> > And a workaround that may be useful is to kill dnsmasq and restart nova services.
> > 
> > I would like to know more about why this is happening. Why can VMs
> > resolve names but not receive the packets back? Is it an iptables
> > issue? A route issue? Masquerade, or what?
> > 
> > hope you can fix it
> > 
> > On Thu, Sep 27, 2012 at 3:08 PM, Jon Thomas <jthomas@xxxxxxxxxx> wrote:
> > > Hi,
> > >
> > > I have a control node running nova-network using FlatDHCPManager and a
> > > compute node only running nova-compute. It's a single nic setup. I can
> > > start VMs on the compute node and ssh/ping them from the control node.
> > > I can also ping from the VM to the control node bridge IP and em1 device IP.
> > > However, I cannot ping from the VM to the outside internet (although DNS
> > > apparently works). I set em1 on both to promisc and have ip-forwarding
> > > on. iptables seem to have the right entries. Any ideas?
> > >
> > > here's conf, iptables, etc:
> > >
> > > http://paste.openstack.org/show/21159/
> > >
> > > thx
> > >
> > >
> > >
> > >
> > > _______________________________________________
> > > Mailing list: https://launchpad.net/~openstack
> > > Post to     : openstack@xxxxxxxxxxxxxxxxxxx
> > > Unsubscribe : https://launchpad.net/~openstack
> > > More help   : https://help.launchpad.net/ListHelp
> > 
> > 
> > 
> 
> 
> 
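Added example, not part of the original thread: a POSIX shell check for the three conditions the reply names (ip_forward enabled, MASQUERADE on the outbound interface, FORWARD ACCEPT rules for the bridge), run against saved iptables-save text so it works offline. The function names and the sample ruleset are constructed for illustration; the interface names wlan0 and demonetbr0 are the ones from the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Checks the three things the reply
# names, reading saved state so it can run offline:
#   check_vm_egress <ip_forward value> <outbound if> <bridge if> <iptables-save file>
# Prints one MISSING line per absent piece; returns 0 only if none are missing.
check_vm_egress() {
    fwd=$1; out_if=$2; br_if=$3; rules=$4; missing=0

    # 1. net.ipv4.ip_forward = 1
    if [ "$fwd" != "1" ]; then
        echo "MISSING ip_forward"; missing=1
    fi

    # 2. MASQUERADE on the outbound interface (nat table only)
    nat=$(awk '/^\*/ { t = $1 } t == "*nat"' "$rules")
    if ! printf '%s\n' "$nat" |
        grep -Eq -- "^-A [^ ]*POSTROUTING (.* )?-o $out_if (.* )?-j MASQUERADE"; then
        echo "MISSING masquerade on $out_if"; missing=1
    fi

    # 3. FORWARD ACCEPT into and out of the bridge (filter table only)
    flt=$(awk '/^\*/ { t = $1 } t == "*filter"' "$rules")
    for dir in i o; do
        if ! printf '%s\n' "$flt" |
            grep -Eq -- "^-A [^ ]*FORWARD (.* )?-$dir $br_if (.* )?-j ACCEPT"; then
            echo "MISSING forward -$dir $br_if"; missing=1
        fi
    done
    return "$missing"
}

# Constructed sample in iptables-save format: the state before the fix in
# the thread (FORWARD rules present, no MASQUERADE rule yet).
sample_before_fix() {
    cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
COMMIT
*filter
:nova-network-FORWARD - [0:0]
-A nova-network-FORWARD -i demonetbr0 -j ACCEPT
-A nova-network-FORWARD -o demonetbr0 -j ACCEPT
COMMIT
EOF
}

tmp=$(mktemp) && sample_before_fix > "$tmp"
check_vm_egress 1 wlan0 demonetbr0 "$tmp" || echo "VM egress not fully configured"
rm -f "$tmp"
```

On a live host the first argument would come from `sysctl -n net.ipv4.ip_forward` and the file from `iptables-save`.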



