A fellow name George clued me into my problem. I had my secgroup rules set for source 0.0.0.0/24 which is stupid. This is how it should look:
root@kcon-cs-gen-01i:~# nova secgroup-list-rules default +-------------+-----------+---------+-----------+--------------+ | IP Protocol | From Port | To Port | IP Range | Source Group | +-------------+-----------+---------+-----------+--------------+ | icmp | -1 | -1 | 0.0.0.0/0 | | | tcp | 22 | 22 | 0.0.0.0/0 | | +-------------+-----------+---------+-----------+--------------+ Thanks again, George. On Thu, May 2, 2013 at 6:27 PM, Greg Chavez <greg.cha...@gmail.com> wrote: > > I have Grizzly up and running on Ubuntu 13.04, following the excellent > instructions by Msekni Bilel. I'm using gre tunneling and per-tenant > routers. It looks something like this: > > http://chavezy.files.wordpress.com/2013/03/ostack-log-net_iscsi.png > > I was able to get a cirros m1.tiny VM launched easily. But although I've > associated a floating IP and configured secgroup rules, I am unable to get > any inbound traffic past the VM bridge. > > The internal network is 192.168.252.0/23. The floating IP range is > 10.21.166.1-254. The guest has IP 192.168.252.3 and is associate to > 10.21.166.2. > > So if I ping 10.21.166.2 from my external network, I can sniff the icmp > packets all the way to the VM linux bridge on the compute node. I can see > packets on qvb* but not tap*. > > From the VM console I am able to reach the external network. Packet dumps > show that traffic originates from 10.21.166.2. > > Finally, I see no hits on my secgroup rules. > > Any advice? I have interesting command output here: > http://pastebin.com/Cs514mkN > > Thanks in advance. > > -- > \*..+.- > --Greg Chavez > +//..;}; > -- \*..+.- --Greg Chavez +//..;};
_______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
