openstack team mailing list archive

Re: Can't ping vm to google

 

On Fri, 2012-09-28 at 09:43 -0700, Vishvananda Ishaya wrote:
> On Sep 28, 2012, at 6:58 AM, Jon Thomas <jthomas@xxxxxxxxxx> wrote:
> 
> > This appears to be fixed with 
> > 
> > iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
> > 
> > so basically set up nat on the outbound interface. I guess nova-network
> > doesn't set this up? 
> 
> No, nova does not set up masquerade; it uses snatting. If you have more than one interface, it probably is using the wrong ip for snatting.
> 
> Instead of the masquerade, you probably just need
> routing_source_ip=<ip_on_wlan_interface>
> 
> In your nova.conf file
> 
> and restart nova-network
> 
Thanks. routing_source_ip wasn't set and so the rule was using
127.0.0.1. However, I changed routing_source_ip to the wlan ip and it
still didn't work. But this is where it gets strange. Here's the snat
rule after starting up nova-network with
routing_source_ip=<ip_on_wlan_interface>

Chain nova-network-snat (1 references)
target     prot opt source               destination         
nova-network-float-snat  all  --  anywhere             anywhere            
SNAT       all  --  network/24           anywhere            to:192.168.1.3
 
Now I do a 

iptables -t nat -A nova-network-snat -s 10.0.1.0/24 -j SNAT --to-source 192.168.1.3

and ping then works! nova-network-snat is

Chain nova-network-snat (1 references)
target     prot opt source               destination         
nova-network-float-snat  all  --  anywhere             anywhere            
SNAT       all  --  network/24           anywhere            to:192.168.1.3
SNAT       all  --  network/24           anywhere            to:192.168.1.3

So for some reason, the rule created by nova-network has no effect, but
the manually created later rule does.


> Vish
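
Added example (not part of the original thread and not nova code): the two SNAT rules in the listing above print identically because `iptables -L` without `-v` omits the interface columns and without `-n` prints names in place of numeric addresses. The sketch below parses `iptables -S` style rule specs and reports which options differ between SNAT rules that share a source and `--to-source`; the sample rules, including the `-o eth0` match, and the function names are constructed for illustration.

```python
import shlex

# Constructed sample in `iptables -t nat -S nova-network-snat` format.
# The "-o eth0" match on the first SNAT rule is an assumption made for
# illustration; the thread does not show what the generated rule contained.
SAMPLE = """\
-N nova-network-snat
-A nova-network-snat -j nova-network-float-snat
-A nova-network-snat -s 10.0.1.0/24 -o eth0 -j SNAT --to-source 192.168.1.3
-A nova-network-snat -s 10.0.1.0/24 -j SNAT --to-source 192.168.1.3
"""


def parse_rule(line):
    """Parse one '-A <chain> ...' rule spec into {option: value}, else None."""
    tokens = shlex.split(line)
    if len(tokens) < 2 or tokens[0] != "-A":
        return None
    rule, i, negate = {"chain": tokens[1]}, 2, False
    while i < len(tokens):
        tok = tokens[i]
        if tok == "!":                      # negation applies to the next option
            negate = True
        elif tok.startswith("-"):
            nxt = tokens[i + 1] if i + 1 < len(tokens) else None
            value = nxt if nxt and nxt != "!" and not nxt.startswith("-") else ""
            rule[tok] = ("! " if negate else "") + value
            negate = False
            i += 1 if value else 0          # skip the consumed value token
        i += 1
    return rule


def lookalike_diffs(text):
    """For SNAT rules sharing -s and --to-source, list the options that differ."""
    rules = [r for r in map(parse_rule, text.splitlines())
             if r and r.get("-j") == "SNAT"]
    diffs = []
    for n, a in enumerate(rules):
        for b in rules[n + 1:]:
            if (a.get("-s"), a.get("--to-source")) == (b.get("-s"), b.get("--to-source")):
                diffs.append({k: (a.get(k), b.get(k))
                              for k in sorted(set(a) | set(b)) if a.get(k) != b.get(k)})
    return diffs


if __name__ == "__main__":
    for diff in lookalike_diffs(SAMPLE):
        print(diff or "exact duplicates")
```

On a live host the input would be the output of `iptables -t nat -S nova-network-snat`; an empty diff means the two rules really are duplicates.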