openstack team mailing list archive

Thread
Date

Within VM Guest : Can't ping to DNS ip's. DNS lookup work. iptables?

To: "openstack@xxxxxxxxxxxxxxxxxxx" <openstack@xxxxxxxxxxxxxxxxxxx>
From: Harvey West <harvey.west@xxxxxxxxxxxxxx>
Date: Fri, 22 Feb 2013 15:39:58 +0000 (GMT)
Reply-to: Harvey West <harvey.west@xxxxxxxxxxxxxx>

>From reading http://docs.openstack.org/trunk/openstack-compute/admin/content/network-troubleshooting.html

I think its related to iptables NAT chain rules required. Am I on the right lines?

Openstack Host: /etc/nova/nova.conf

# network specific settings
--network_manager=nova.network.manager.FlatDHCPManager
--public_interface=eth0
--flat_interface=eth1
--flat_network_bridge=br100
--fixed_range=10.0.2.32/27
--floating_range=10.0.1.224/27
--network_size=32
--flat_network_dhcp_start=10.0.2.33
--flat_injected=False
--force_dhcp_release
--iscsi_helper=tgtadm
--connection_type=libvirt
--root_helper=sudo nova-rootwrap
--verbose

Openstack Host: ifconfig settings

br100 10.0.2.33/27
eth0    192.168.1.38/24     Gateway 192.168.1.200 (office network)
virbr0 192.168.1.122
vnet0

VM Guest: ifconfig settings
vtnet0 10.0.2.34

Openstack VM Guest instance IPs:
10.0.2.34
10.0.1.229 (floating ip pool)


So from this I think my

<floating ip> = 10.0.1.229
<fix ip> = 10.0.2.34


So I need to enter this ... Does this look right?

iptables -A nova-network-OUTPUT -d <floating ip>/27 -j DNAT --to-destination <fix ip>
iptables -A nova-network-PREROUTING -d <floating ip>/27 -j DNAT --to-destination <fix ip>
iptables -A nova-network-floating-snat -s <fix ip>/27 -j SNAT --to-source <floating ip>