Hi,

I have checked the security group rules. My instance is pinging the router and even a device in the external network. Mostly my problem may be in the host's firewall. How can I identify which rule is dropping the ssh traffic? How can I confirm that ssh traffic is blocked at the firewall? Is there any way to see the firewall's dropped packets?

thanks,
srinivas.

On Thu, Sep 18, 2014 at 7:36 PM, Akilesh K <akilesh1...@gmail.com> wrote:

> I believe you have checked the security group rules. Make sure the
> instance is able to ping the router. If yes the problem lies in your host's
> firewall rules. Flush the host's iptables rules (you may take a backup before
> you do that).
>
> On Thu, Sep 18, 2014 at 7:32 PM, Srinivasreddy R <srinivasreddy4...@gmail.com> wrote:
>
>> Hi,
>> thanks for your reply.
>>
>> 1. I have checked ssh server is running in instance.
>>    ssh from one instance to another is possible using private network [demo-net].
>> 2. Checked ssh is running in port 22.
>> 3. telnet <ip> 22 is not working.
>> 4. Output when I run ssh using verbose pasted at
>>    http://paste.openstack.org/show/112860/
>>
>> ==================================
>> ip tables output
>>
>> My internal network for vm is 11.0.0.x and external network is 172.0.0.x
>>
>> root@user-ThinkCentre-M73:/home/user# ip netns exec qrouter-f6e00f94-1c6d-4cf5-8cae-319e393240fe iptables -t nat -S
>> -P PREROUTING ACCEPT
>> -P INPUT ACCEPT
>> -P OUTPUT ACCEPT
>> -P POSTROUTING ACCEPT
>> -N neutron-l3-agent-OUTPUT
>> -N neutron-l3-agent-POSTROUTING
>> -N neutron-l3-agent-PREROUTING
>> -N neutron-l3-agent-float-snat
>> -N neutron-l3-agent-snat
>> -N neutron-postrouting-bottom
>> -A PREROUTING -j neutron-l3-agent-PREROUTING
>> -A OUTPUT -j neutron-l3-agent-OUTPUT
>> -A POSTROUTING -j neutron-l3-agent-POSTROUTING
>> -A POSTROUTING -j neutron-postrouting-bottom
>> -A neutron-l3-agent-OUTPUT -d 172.0.0.7/32 -j DNAT --to-destination 11.0.0.9
>> -A neutron-l3-agent-OUTPUT -d 172.0.0.3/32 -j DNAT --to-destination 11.0.0.2
>> -A neutron-l3-agent-OUTPUT -d 172.0.0.4/32 -j DNAT --to-destination 11.0.0.5
>> -A neutron-l3-agent-POSTROUTING ! -i qg-ec80d9fb-82 ! -o qg-ec80d9fb-82 -m conntrack ! --ctstate DNAT -j ACCEPT
>> -A neutron-l3-agent-PREROUTING -d 169.254.169.254/32 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 9697
>> -A neutron-l3-agent-PREROUTING -d 172.0.0.7/32 -j DNAT --to-destination 11.0.0.9
>> -A neutron-l3-agent-PREROUTING -d 172.0.0.3/32 -j DNAT --to-destination 11.0.0.2
>> -A neutron-l3-agent-PREROUTING -d 172.0.0.4/32 -j DNAT --to-destination 11.0.0.5
>> -A neutron-l3-agent-float-snat -s 11.0.0.9/32 -j SNAT --to-source 172.0.0.7
>> -A neutron-l3-agent-float-snat -s 11.0.0.2/32 -j SNAT --to-source 172.0.0.3
>> -A neutron-l3-agent-float-snat -s 11.0.0.5/32 -j SNAT --to-source 172.0.0.4
>> -A neutron-l3-agent-snat -j neutron-l3-agent-float-snat
>> -A neutron-l3-agent-snat -s 11.0.0.0/24 -j SNAT --to-source 172.0.0.2
>> -A neutron-postrouting-bottom -j neutron-l3-agent-snat
>>
>> =====================
>> I pasted my dump flows of br-tun at
>> http://paste.openstack.org/show/112859/
>>
>> As per the doc
>> https://openstack.redhat.com/Networking_in_too_much_detail
>>
>> br-ex is connected to router, router is connected to br-int, br-int is
>> connected to br-tun.
>>
>> I have captured at br-int. My ssh request is reaching br-int but not
>> going through tunnel.
>>
>> Please help me.
>>
>> thanks,
>> srinivas.
>>
>> On Wed, Sep 17, 2014 at 9:30 PM, Sajith Kariyawasam <saj...@gmail.com> wrote:
>>
>>> Hi,
>>>
>>> Could be due to,
>>> ssh server is not up and running in your instance,
>>> or running in a different port rather than port 22,
>>> or, ssh port access is restricted in openstack key pair configuration
>>>
>>> You could also try telnet to check the connectivity,
>>> $ telnet <ip> 22
>>>
>>> Thanks,
>>> Sajith
>>>
>>> On Wed, Sep 17, 2014 at 8:59 PM, Zoltán Lajos Kis <zoltan.lajos....@ericsson.com> wrote:
>>>
>>>> Hi,
>>>>
>>>> What’s the output of running ssh with the verbose (-v) flag?
>>>>
>>>> BR,
>>>> Zoltan
>>>>
>>>> *From:* Srinivasreddy R [mailto:srinivasreddy4...@gmail.com]
>>>> *Sent:* Wednesday, September 17, 2014 5:16 PM
>>>> *To:* openstack@lists.openstack.org
>>>> *Subject:* [Openstack] able to ping but not able to ssh to instance
>>>>
>>>> Hi,
>>>>
>>>> I am able to ping my instance from external network,
>>>> but not able to ssh to the instance.
>>>> I am using floating IPs for ping, ssh.
>>>>
>>>> Please help me.
>>>>
>>>> thanks,
>>>> srinivas.
>>>>
>>>> _______________________________________________
>>>> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>>>> Post to     : openstack@lists.openstack.org
>>>> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>>>
>>> --
>>> Best Regards
>>> Sajith
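Added example, not part of the original thread: one way to approach the question at the top of this message (which firewall rule is dropping the ssh packets) is to compare per-rule packet counters from `iptables-save -c` taken before and after a failed ssh attempt. The two snapshots below are constructed sample data; on a real host they would come from `iptables-save -c`, or from `ip netns exec <qrouter-namespace> iptables-save -c` for the router namespace.

```python
import re

# Rule lines in `iptables-save -c` output look like: [packets:bytes] -A CHAIN ...
RULE = re.compile(r"^\[(\d+):\d+\]\s+(-A\s+\S+.*)$")
BLOCKING = {"DROP", "REJECT"}

def parse_counters(dump):
    """Map (table, rule text) -> packet count."""
    table, counters = None, {}
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith("*"):          # table header, e.g. *filter
            table = line[1:]
        m = RULE.match(line)
        if m:
            counters[(table, m.group(2))] = int(m.group(1))
    return counters

def blocking_rules_hit(before, after):
    """DROP/REJECT rules whose packet counter grew between two snapshots."""
    old, hits = parse_counters(before), []
    for (table, rule), pkts in parse_counters(after).items():
        target = re.search(r"\s-j\s+(\S+)", rule)
        delta = pkts - old.get((table, rule), 0)
        if delta > 0 and target and target.group(1) in BLOCKING:
            hits.append((table, rule, delta))
    return sorted(hits, key=lambda h: -h[2])

# Constructed snapshots (not from the thread): taken before and after one
# failed ssh attempt, while ping keeps working.
BEFORE = """*filter
:FORWARD ACCEPT [0:0]
[40:3360] -A FORWARD -p icmp -j ACCEPT
[7:420] -A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""
AFTER = """*filter
:FORWARD ACCEPT [0:0]
[44:3696] -A FORWARD -p icmp -j ACCEPT
[10:600] -A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

if __name__ == "__main__":
    for table, rule, delta in blocking_rules_hit(BEFORE, AFTER):
        print(f"{table}: +{delta} packets  {rule}")
```

Packets dropped by a chain's default policy are counted on the `:CHAIN POLICY [packets:bytes]` line rather than on a rule, so this comparison does not cover them.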