Hi, I had added a rule for (ingress, tcp, port 22 and cidr 0.0.0.0/0). Still not able to ssh.
My instance overview: http://paste.openstack.org/show/113170/

I pasted my iptables [nat, mangle, filter] output. Please let me know if I want to add or delete anything in iptables.
http://paste.openstack.org/show/113164/

thanks,
srinivas.

On Fri, Sep 19, 2014 at 12:39 PM, Akilesh K <akilesh1...@gmail.com> wrote:

> The mail from Andreas was correct: you need to add a rule for (ingress,
> tcp, port 22 and cidr 0.0.0.0/0).
>
> In case the rule is already there, check the host firewall rules using
> iptables -t nat -L
> iptables -t mangle -L
> iptables -t filter -L
>
> None of the tables should have any rule.
>
> On Fri, Sep 19, 2014 at 9:41 AM, Srinivasreddy R <
> srinivasreddy4...@gmail.com> wrote:
>
>> Hi,
>> I have checked the security group rules.
>> My instance is pinging the router and even a device in the external network.
>> Mostly my problem may be in the host's firewall.
>> How can I identify which rule is dropping the ssh traffic?
>> How can I confirm that ssh traffic is blocked at the firewall?
>> Is there any way to see the firewall dropped packets?
>>
>> thanks,
>> srinivas.
>>
>> On Thu, Sep 18, 2014 at 7:36 PM, Akilesh K <akilesh1...@gmail.com> wrote:
>>
>>> I believe you have checked the security group rules. Make sure the
>>> instance is able to ping the router. If yes, the problem lies in your host's
>>> firewall rules. Flush the host's iptables rules (you may take a backup before
>>> you do that).
>>>
>>> On Thu, Sep 18, 2014 at 7:32 PM, Srinivasreddy R <
>>> srinivasreddy4...@gmail.com> wrote:
>>>
>>>> Hi,
>>>> thanks for your reply.
>>>>
>>>> 1. I have checked that the ssh server is running in the instance.
>>>>    ssh from one instance to another is possible using the private
>>>>    network [demo-net].
>>>> 2. Checked ssh is running on port 22.
>>>> 3. telnet <ip> 22 is not working.
>>>> 4. Output when I run ssh using verbose is pasted at
>>>>    http://paste.openstack.org/show/112860/
>>>>
>>>> ==================================
>>>> iptables output
>>>>
>>>> My internal network for the VM is 11.0.0.x and the external network is
>>>> 172.0.0.x
>>>>
>>>> root@user-ThinkCentre-M73:/home/user# ip netns exec qrouter-f6e00f94-1c6d-4cf5-8cae-319e393240fe iptables -t nat -S
>>>> -P PREROUTING ACCEPT
>>>> -P INPUT ACCEPT
>>>> -P OUTPUT ACCEPT
>>>> -P POSTROUTING ACCEPT
>>>> -N neutron-l3-agent-OUTPUT
>>>> -N neutron-l3-agent-POSTROUTING
>>>> -N neutron-l3-agent-PREROUTING
>>>> -N neutron-l3-agent-float-snat
>>>> -N neutron-l3-agent-snat
>>>> -N neutron-postrouting-bottom
>>>> -A PREROUTING -j neutron-l3-agent-PREROUTING
>>>> -A OUTPUT -j neutron-l3-agent-OUTPUT
>>>> -A POSTROUTING -j neutron-l3-agent-POSTROUTING
>>>> -A POSTROUTING -j neutron-postrouting-bottom
>>>> -A neutron-l3-agent-OUTPUT -d 172.0.0.7/32 -j DNAT --to-destination 11.0.0.9
>>>> -A neutron-l3-agent-OUTPUT -d 172.0.0.3/32 -j DNAT --to-destination 11.0.0.2
>>>> -A neutron-l3-agent-OUTPUT -d 172.0.0.4/32 -j DNAT --to-destination 11.0.0.5
>>>> -A neutron-l3-agent-POSTROUTING ! -i qg-ec80d9fb-82 ! -o qg-ec80d9fb-82 -m conntrack ! --ctstate DNAT -j ACCEPT
>>>> -A neutron-l3-agent-PREROUTING -d 169.254.169.254/32 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 9697
>>>> -A neutron-l3-agent-PREROUTING -d 172.0.0.7/32 -j DNAT --to-destination 11.0.0.9
>>>> -A neutron-l3-agent-PREROUTING -d 172.0.0.3/32 -j DNAT --to-destination 11.0.0.2
>>>> -A neutron-l3-agent-PREROUTING -d 172.0.0.4/32 -j DNAT --to-destination 11.0.0.5
>>>> -A neutron-l3-agent-float-snat -s 11.0.0.9/32 -j SNAT --to-source 172.0.0.7
>>>> -A neutron-l3-agent-float-snat -s 11.0.0.2/32 -j SNAT --to-source 172.0.0.3
>>>> -A neutron-l3-agent-float-snat -s 11.0.0.5/32 -j SNAT --to-source 172.0.0.4
>>>> -A neutron-l3-agent-snat -j neutron-l3-agent-float-snat
>>>> -A neutron-l3-agent-snat -s 11.0.0.0/24 -j SNAT --to-source 172.0.0.2
>>>> -A neutron-postrouting-bottom -j neutron-l3-agent-snat
>>>>
>>>> =====================
>>>> I pasted my dump flows of br-tun at
>>>> http://paste.openstack.org/show/112859/
>>>>
>>>> As per the doc
>>>> https://openstack.redhat.com/Networking_in_too_much_detail
>>>>
>>>> br-ex is connected to the router, the router is connected to br-int, and br-int
>>>> is connected to br-tun.
>>>>
>>>> I have captured at br-int. My ssh request is reaching br-int but
>>>> not going through the tunnel.
>>>>
>>>> Please help me.
>>>>
>>>> thanks,
>>>> srinivas.
>>>>
>>>> On Wed, Sep 17, 2014 at 9:30 PM, Sajith Kariyawasam <saj...@gmail.com>
>>>> wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> Could be due to,
>>>>> ssh server is not up and running in your instance,
>>>>> or running in a different port rather than port 22,
>>>>> or, ssh port access is restricted in openstack key pair
>>>>> configuration
>>>>>
>>>>> You could also try telnet to check the connectivity,
>>>>> $ telnet <ip> 22
>>>>>
>>>>> Thanks,
>>>>> Sajith
>>>>>
>>>>> On Wed, Sep 17, 2014 at 8:59 PM, Zoltán Lajos Kis <
>>>>> zoltan.lajos....@ericsson.com> wrote:
>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> What’s the output of running ssh with the verbose (-v) flag?
>>>>>>
>>>>>> BR,
>>>>>> Zoltan
>>>>>>
>>>>>> *From:* Srinivasreddy R [mailto:srinivasreddy4...@gmail.com]
>>>>>> *Sent:* Wednesday, September 17, 2014 5:16 PM
>>>>>> *To:* openstack@lists.openstack.org
>>>>>> *Subject:* [Openstack] able to ping but not able to ssh to instance
>>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> I am able to ping my instance from the external network,
>>>>>> but not able to ssh to the instance.
>>>>>>
>>>>>> I am using floating IPs for ping, ssh.
>>>>>>
>>>>>> Please help me.
>>>>>>
>>>>>> thanks,
>>>>>> srinivas.
>>>>>>
>>>>>> _______________________________________________
>>>>>> Mailing list:
>>>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>>>>>> Post to : openstack@lists.openstack.org
>>>>>> Unsubscribe :
>>>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>>>>>
>>>>> --
>>>>> Best Regards
>>>>> Sajith
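
Added example (not part of the original thread or written by any of its participants): the thread asks how to see which firewall rule is dropping packets. One way is to read the per-rule packet counters that iptables-save -c prints. The function name, the sample ruleset and its counter values below are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads `iptables-save -c` text on stdin and lists every
# DROP/REJECT rule or non-ACCEPT built-in chain policy with a non-zero
# packet counter, i.e. the places where packets were actually discarded.
dropped_packet_report() {
    awk '
    /^\*/ { table = substr($1, 2); next }      # "*filter" starts a table
    /^:/  {                                    # ":INPUT DROP [7:420]"
        chain = substr($1, 2); policy = $2
        split(substr($3, 2), c, ":")           # c[1] = packet count
        if (policy != "ACCEPT" && policy != "-" && c[1] + 0 > 0)
            printf "%s %s policy=%s pkts=%d\n", table, chain, policy, c[1]
        next
    }
    /^\[/ {                                    # "[3:180] -A FORWARD ... -j REJECT"
        split(substr($1, 2), c, ":")
        target = ""
        for (i = 2; i < NF; i++) if ($i == "-j") target = $(i + 1)
        if ((target == "DROP" || target == "REJECT") && c[1] + 0 > 0) {
            rule = $0; sub(/^\[[0-9]+:[0-9]+\] /, "", rule)
            printf "%s pkts=%d rule: %s\n", table, c[1], rule
        }
    }'
}

# Constructed sample input (not taken from the pastes linked in the thread).
sample_ruleset() {
cat <<'EOF'
*filter
:INPUT DROP [7:420]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [120:9000]
:custom-chain - [0:0]
[40:3360] -A INPUT -p icmp -j ACCEPT
[0:0] -A INPUT -p tcp -m tcp --dport 80 -j DROP
[3:180] -A FORWARD -p tcp -m tcp --dport 22 -j REJECT --reject-with icmp-port-unreachable
COMMIT
EOF
}

# On a live host (as root) feed it real counters instead of the sample:
#   iptables-save -c | dropped_packet_report
#   ip netns exec <qrouter-namespace> iptables-save -c | dropped_packet_report
sample_ruleset | dropped_packet_report
```

Run it once before and once after a failed ssh attempt; an entry whose pkts value grows between the two runs is discarding that traffic.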