hi all , Thanks for your support . Now i am able to access instance from external network . from guide : http://docs.openstack.org/admin-guide-cloud/admin-guide-cloud.pdf
chapter : Enable ping and SSH on VMs thanks, srinivas. On Fri, Sep 19, 2014 at 10:04 PM, Srinivasreddy R < srinivasreddy4...@gmail.com> wrote: > Hi, > > > > Tried to ssh form the network node to instance .. > > Observed packets ssh packets are transmitted to and from . but > connection is not established . > > What may be the reason .? > > Below are few dumps in the path from external network of network node to > instance . > > > > > > My instance overview is pasted at > > http://paste.openstack.org/show/113366/ > > > > root@user-ThinkCentre-M73:/home/user# ssh cirros@172.0.0.4 -vvv > > OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014 > > debug1: Reading configuration data /etc/ssh/ssh_config > > debug1: /etc/ssh/ssh_config line 19: Applying options for * > > debug2: ssh_connect: needpriv 0 > > debug1: Connecting to 172.0.0.4 [172.0.0.4] port 22. > > debug1: Connection established. > > debug1: permanently_set_uid: 0/0 > > debug1: identity file /root/.ssh/id_rsa type -1 > > debug1: identity file /root/.ssh/id_rsa-cert type -1 > > debug1: identity file /root/.ssh/id_dsa type -1 > > debug1: identity file /root/.ssh/id_dsa-cert type -1 > > debug1: identity file /root/.ssh/id_ecdsa type -1 > > debug1: identity file /root/.ssh/id_ecdsa-cert type -1 > > debug1: identity file /root/.ssh/id_ed25519 type -1 > > debug1: identity file /root/.ssh/id_ed25519-cert type -1 > > debug1: Enabling compatibility mode for protocol 2.0 > > debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 > > debug1: Remote protocol version 2.0, remote software version > dropbear_2012.55 > > debug1: no match: dropbear_2012.55 > > debug2: fd 3 setting O_NONBLOCK > > debug3: load_hostkeys: loading entries for host "172.0.0.4" from file > "/root/.ssh/known_hosts" > > debug3: load_hostkeys: loaded 0 keys > > debug1: SSH2_MSG_KEXINIT sent > > debug1: SSH2_MSG_KEXINIT received > > debug2: kex_parse_kexinit: curve25519-sha...@libssh.org > ,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 > > debug2: kex_parse_kexinit: ecdsa-sha2-nistp256-cert-...@openssh.com, > ecdsa-sha2-nistp384-cert-...@openssh.com, > ecdsa-sha2-nistp521-cert-...@openssh.com,ssh-ed25519-cert-...@openssh.com, > ssh-rsa-cert-...@openssh.com,ssh-dss-cert-...@openssh.com, > ssh-rsa-cert-...@openssh.com,ssh-dss-cert-...@openssh.com > ,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-rsa,ssh-dss > > debug2: kex_parse_kexinit: > aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128, > aes128-...@openssh.com,aes256-...@openssh.com, > chacha20-poly1...@openssh.com > ,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour, > rijndael-...@lysator.liu.se > > debug2: kex_parse_kexinit: > aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128, > aes128-...@openssh.com,aes256-...@openssh.com, > chacha20-poly1...@openssh.com > ,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour, > rijndael-...@lysator.liu.se > > debug2: kex_parse_kexinit: hmac-md5-...@openssh.com, > hmac-sha1-...@openssh.com,umac-64-...@openssh.com,umac-128-...@openssh.com > ,hmac-sha2-256-...@openssh.com,hmac-sha2-512-...@openssh.com, > hmac-ripemd160-...@openssh.com,hmac-sha1-96-...@openssh.com, > hmac-md5-96-...@openssh.com,hmac-md5,hmac-sha1,umac...@openssh.com, > umac-...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160, > hmac-ripemd...@openssh.com,hmac-sha1-96,hmac-md5-96 > > debug2: kex_parse_kexinit: hmac-md5-...@openssh.com, > hmac-sha1-...@openssh.com,umac-64-...@openssh.com,umac-128-...@openssh.com > ,hmac-sha2-256-...@openssh.com,hmac-sha2-512-...@openssh.com, > hmac-ripemd160-...@openssh.com,hmac-sha1-96-...@openssh.com, > hmac-md5-96-...@openssh.com,hmac-md5,hmac-sha1,umac...@openssh.com, > umac-...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160, > hmac-ripemd...@openssh.com,hmac-sha1-96,hmac-md5-96 > > debug2: kex_parse_kexinit: none,z...@openssh.com,zlib > > debug2: kex_parse_kexinit: none,z...@openssh.com,zlib > > debug2: kex_parse_kexinit: > > debug2: kex_parse_kexinit: > > debug2: kex_parse_kexinit: first_kex_follows 0 > > debug2: kex_parse_kexinit: reserved 0 > > debug2: kex_parse_kexinit: > diffie-hellman-group1-sha1,diffie-hellman-group14-sha1 > > debug2: kex_parse_kexinit: ssh-rsa,ssh-dss > > debug2: kex_parse_kexinit: > aes128-ctr,3des-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes256-cbc,twofish256-cbc,twofish-cbc,twofish128-cbc > > debug2: kex_parse_kexinit: > aes128-ctr,3des-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes256-cbc,twofish256-cbc,twofish-cbc,twofish128-cbc > > debug2: kex_parse_kexinit: hmac-sha1-96,hmac-sha1,hmac-md5 > > debug2: kex_parse_kexinit: hmac-sha1-96,hmac-sha1,hmac-md5 > > debug2: kex_parse_kexinit: none > > debug2: kex_parse_kexinit: none > > debug2: kex_parse_kexinit: > > debug2: kex_parse_kexinit: > > debug2: kex_parse_kexinit: first_kex_follows 0 > > debug2: kex_parse_kexinit: reserved 0 > > debug2: mac_setup: setup hmac-md5 > > debug1: kex: server->client aes128-ctr hmac-md5 none > > debug2: mac_setup: setup hmac-md5 > > debug1: kex: client->server aes128-ctr hmac-md5 none > > debug2: bits set: 1019/2048 > > debug1: sending SSH2_MSG_KEXDH_INIT > > debug1: expecting SSH2_MSG_KEXDH_REPLY > > Read from socket failed: Connection timed out > > > > > > > > > > Ifconfig of router namespace in network node > > > > > > root@user-ThinkCentre-M73:/home/user# ip netns exec > qrouter-f6e00f94-1c6d-4cf5-8cae-319e393240fe ifconfig > > lo Link encap:Local Loopback > > inet addr:127.0.0.1 Mask:255.0.0.0 > > inet6 addr: ::1/128 Scope:Host > > UP LOOPBACK RUNNING MTU:65536 Metric:1 > > RX packets:48 errors:0 dropped:0 overruns:0 frame:0 > > TX packets:48 errors:0 dropped:0 overruns:0 carrier:0 > > collisions:0 txqueuelen:0 > > RX bytes:3924 (3.9 KB) TX bytes:3924 (3.9 KB) > > > > qg-ec80d9fb-82 Link encap:Ethernet HWaddr fa:16:3e:b4:4e:6e > > inet addr:172.0.0.2 Bcast:172.0.0.255 Mask:255.255.255.0 > > inet6 addr: fe80::f816:3eff:feb4:4e6e/64 Scope:Link > > UP BROADCAST RUNNING MTU:1500 Metric:1 > > RX packets:1222 errors:0 dropped:0 overruns:0 frame:0 > > TX packets:1105 errors:0 dropped:0 overruns:0 carrier:0 > > collisions:0 txqueuelen:0 > > RX bytes:345583 (345.5 KB) TX bytes:112480 (112.4 KB) > > > > qr-72d38d5b-5c Link encap:Ethernet HWaddr fa:16:3e:6a:fd:ce > > inet addr:11.0.0.1 Bcast:11.0.0.255 Mask:255.255.255.0 > > inet6 addr: fe80::f816:3eff:fe6a:fdce/64 Scope:Link > > UP BROADCAST RUNNING MTU:1500 Metric:1 > > RX packets:19529 errors:0 dropped:0 overruns:0 frame:0 > > TX packets:1283 errors:0 dropped:0 overruns:0 carrier:0 > > collisions:0 txqueuelen:0 > > RX bytes:3046631 (3.0 MB) TX bytes:349969 (349.9 KB) > > > > > > > > > > Tcpdump at interface connected to external bridge [ br-ex ] on network > node . > > > > > > > > root@user-ThinkCentre-M73:/home/user# ip netns exec > qrouter-f6e00f94-1c6d-4cf5-8cae-319e393240fe tcpdump -i qg-ec80d9fb-82 > > tcpdump: verbose output suppressed, use -v or -vv for full protocol decode > > listening on qg-ec80d9fb-82, link-type EN10MB (Ethernet), capture size > 65535 bytes > > > > ^C05:48:45.486622 IP 172.0.0.117.55818 > 172.0.0.4.ssh: Flags [S], seq > 3976398776, win 29200, options [mss 1460,sackOK,TS val 4692954 ecr > 0,nop,wscale 7], length 0 > > 05:48:45.487671 IP 172.0.0.4.ssh > 172.0.0.117.55818: Flags [S.], seq > 3831484282, ack 3976398777, win 14480, options [mss 1460,sackOK,TS val > 44193412 ecr 4692954,nop,wscale 3], length 0 > > 05:48:45.487720 IP 172.0.0.117.55818 > 172.0.0.4.ssh: Flags [.], ack 1, > win 229, options [nop,nop,TS val 4692954 ecr 44193412], length 0 > > 05:48:45.488031 IP 172.0.0.117.55818 > 172.0.0.4.ssh: Flags [P.], seq > 1:42, ack 1, win 229, options [nop,nop,TS val 4692954 ecr 44193412], length > 41 > > 05:48:45.488678 IP 172.0.0.4.ssh > 172.0.0.117.55818: Flags [.], ack 42, > win 1810, options [nop,nop,TS val 44193412 ecr 4692954], length 0 > > 05:48:45.488933 IP 172.0.0.4.ssh > 172.0.0.117.55818: Flags [P.], seq > 1:27, ack 42, win 1810, options [nop,nop,TS val 44193412 ecr 4692954], > length 26 > > 05:48:45.488992 IP 172.0.0.117.55818 > 172.0.0.4.ssh: Flags [.], ack 27, > win 229, options [nop,nop,TS val 4692954 ecr 44193412], length 0 > > 05:48:45.489245 IP 172.0.0.117.55818 > 172.0.0.4.ssh: Flags [.], seq > 42:1490, ack 27, win 229, options [nop,nop,TS val 4692954 ecr 44193412], > length 1448 > > 05:48:45.489290 IP 172.0.0.117.55818 > 172.0.0.4.ssh: Flags [P.], seq > 1490:2010, ack 27, win 229, options [nop,nop,TS val 4692954 ecr 44193412], > length 520 > > 05:48:45.489847 IP 172.0.0.4.ssh > 172.0.0.117.55818: Flags [P.], seq > 27:443, ack 42, win 1810, options [nop,nop,TS val 44193412 ecr 4692954], > length 416 > > 05:48:45.490316 IP 172.0.0.4.ssh > 172.0.0.117.55818: Flags [.], ack 42, > win 1810, options [nop,nop,TS val 44193412 ecr 4692954,nop,nop,sack 1 > {1490:2010}], length 0 > > 05:48:45.490386 IP 172.0.0.117.55818 > 172.0.0.4.ssh: Flags [.], seq > 42:1490, ack 443, win 237, options [nop,nop,TS val 4692955 ecr 44193412], > length 1448 > > 05:48:45.691646 IP 172.0.0.4.ssh > 172.0.0.117.55818: Flags [P.], seq > 27:443, ack 42, win 1810, options [nop,nop,TS val 44193463 ecr > 4692954,nop,nop,sack 1 {1490:2010}], length 416 > > 05:48:45.691690 IP 172.0.0.117.55818 > 172.0.0.4.ssh: Flags [.], ack 443, > win 237, options [nop,nop,TS val 4693005 ecr 44193463,nop,nop,sack 1 > {27:443}], length 0 > > 05:48:45.694466 IP 172.0.0.117.55818 > 172.0.0.4.ssh: Flags [.], seq > 42:1490, ack 443, win 237, options [nop,nop,TS val 4693006 ecr 44193463], > length 1448 > > 05:48:46.102461 IP 172.0.0.117.55818 > 172.0.0.4.ssh: Flags [.], seq > 42:1490, ack 443, win 237, options [nop,nop,TS val 4693108 ecr 44193463], > length 1448 > > 05:48:46.918464 IP 172.0.0.117.55818 > 172.0.0.4.ssh: Flags [.], seq > 42:1490, ack 443, win 237, options [nop,nop,TS val 4693312 ecr 44193463], > length 1448 > > 05:48:48.554444 IP 172.0.0.117.55818 > 172.0.0.4.ssh: Flags [.], seq > 42:1490, ack 443, win 237, options [nop,nop,TS val 4693721 ecr 44193463], > length 1448 > > 05:48:50.502461 ARP, Request who-has 172.0.0.117 tell 172.0.0.2, length 28 > > 05:48:50.502547 ARP, Request who-has 172.0.0.4 tell 172.0.0.117, length 28 > > 05:48:50.502559 ARP, Reply 172.0.0.4 is-at fa:16:3e:b4:4e:6e (oui > Unknown), length 28 > > 05:48:50.502597 ARP, Reply 172.0.0.117 is-at 68:05:ca:0e:6b:b6 (oui > Unknown), length 28 > > 05:48:51.830441 IP 172.0.0.117.55818 > 172.0.0.4.ssh: Flags [.], seq > 42:1490, ack 443, win 237, options [nop,nop,TS val 4694540 ecr 44193463], > length 1448 > > 05:48:58.374756 IP 172.0.0.117.55818 > 172.0.0.4.ssh: Flags [.], seq > 42:1490, ack 443, win 237, options [nop,nop,TS val 4696176 ecr 44193463], > length 1448 > > 05:49:11.462560 IP 172.0.0.117.55818 > 172.0.0.4.ssh: Flags [.], seq > 42:1490, ack 443, win 237, options [nop,nop,TS val 4699448 ecr 44193463], > length 1448 > > 05:49:37.606548 IP 172.0.0.117.55818 > 172.0.0.4.ssh: Flags [.], seq > 42:1490, ack 443, win 237, options [nop,nop,TS val 4705984 ecr 44193463], > length 1448 > > 05:49:42.614737 ARP, Request who-has 172.0.0.4 tell 172.0.0.117, length 28 > > 05:49:42.614769 ARP, Reply 172.0.0.4 is-at fa:16:3e:b4:4e:6e (oui > Unknown), length 28 > > 05:50:29.958757 IP 172.0.0.117.55818 > 172.0.0.4.ssh: Flags [.], seq > 42:1490, ack 443, win 237, options [nop,nop,TS val 4719072 ecr 44193463], > length 1448 > > 05:50:34.966723 ARP, Request who-has 172.0.0.4 tell 172.0.0.117, length 28 > > 05:50:34.966750 ARP, Reply 172.0.0.4 is-at fa:16:3e:b4:4e:6e (oui > Unknown), length 28 > > > > > > Tcpdump at tap interface connected to instance at compute node . > > This tap interface is connected to br-int on compute node . > > > > > > root@user-ThinkCentre-M73:/home/user# tcpdump -i tapb0373360-21 port 22 > > tcpdump: WARNING: tapb0373360-21: no IPv4 address assigned > > tcpdump: verbose output suppressed, use -v or -vv for full protocol decode > > listening on tapb0373360-21, link-type EN10MB (Ethernet), capture size > 65535 bytes > > 05:49:00.295624 IP 172.0.0.117.55818 > 11.0.0.5.ssh: Flags [S], seq > 3976398776, win 29200, options [mss 1460,sackOK,TS val 4692954 ecr > 0,nop,wscale 7], length 0 > > 05:49:00.295758 IP 11.0.0.5.ssh > 172.0.0.117.55818: Flags [S.], seq > 3831484282, ack 3976398777, win 14480, options [mss 1460,sackOK,TS val > 44193412 ecr 4692954,nop,wscale 3], length 0 > > 05:49:00.296464 IP 172.0.0.117.55818 > 11.0.0.5.ssh: Flags [.], ack 1, win > 229, options [nop,nop,TS val 4692954 ecr 44193412], length 0 > > 05:49:00.296738 IP 172.0.0.117.55818 > 11.0.0.5.ssh: Flags [P.], seq 1:42, > ack 1, win 229, options [nop,nop,TS val 4692954 ecr 44193412], length 41 > > 05:49:00.296798 IP 11.0.0.5.ssh > 172.0.0.117.55818: Flags [.], ack 42, > win 1810, options [nop,nop,TS val 44193412 ecr 4692954], length 0 > > 05:49:00.297069 IP 11.0.0.5.ssh > 172.0.0.117.55818: Flags [P.], seq 1:27, > ack 42, win 1810, options [nop,nop,TS val 44193412 ecr 4692954], length 26 > > 05:49:00.297122 IP 11.0.0.5.ssh > 172.0.0.117.55818: Flags [P.], seq > 27:443, ack 42, win 1810, options [nop,nop,TS val 44193412 ecr 4692954], > length 416 > > 05:49:00.297717 IP 172.0.0.117.55818 > 11.0.0.5.ssh: Flags [.], ack 27, > win 229, options [nop,nop,TS val 4692954 ecr 44193412], length 0 > > 05:49:00.298022 IP 172.0.0.117.55818 > 11.0.0.5.ssh: Flags [P.], seq > 1490:2010, ack 27, win 229, options [nop,nop,TS val 4692954 ecr 44193412], > length 520 > > 05:49:00.298073 IP 11.0.0.5.ssh > 172.0.0.117.55818: Flags [.], ack 42, > win 1810, options [nop,nop,TS val 44193412 ecr 4692954,nop,nop,sack 1 > {1490:2010}], length 0 > > 05:49:00.498896 IP 11.0.0.5.ssh > 172.0.0.117.55818: Flags [P.], seq > 27:443, ack 42, win 1810, options [nop,nop,TS val 44193463 ecr > 4692954,nop,nop,sack 1 {1490:2010}], length 416 > > 05:49:00.500531 IP 172.0.0.117.55818 > 11.0.0.5.ssh: Flags [.], ack 443, > win 237, options [nop,nop,TS val 4693005 ecr 44193463,nop,nop,sack 1 > {27:443}], length 0 > > > > > > > > > > > > > > Thanks, > > Srinivas. > > > > > > > > > > > > On Fri, Sep 19, 2014 at 3:32 PM, Raghu Vadapalli <rvatspac...@gmail.com> > wrote: > >> Just to confirm if iptables are the issue try stopping iptables and see >> if it works and then you can debug further. >> — >> Sent from Mailbox <https://www.dropbox.com/mailbox> >> >> >> On Fri, Sep 19, 2014 at 3:55 AM, Srinivasreddy R < >> srinivasreddy4...@gmail.com> wrote: >> >>> hi, >>> i had addeed a rule for (ingress, tcp, port 22 and cidr 0.0.0.0/0). >>> still not able to ssh . >>> >>> my instance overview >>> http://paste.openstack.org/show/113170/ >>> >>> >>> i pasted my ip tables [ nat, mangle,filter] output .. >>> >>> please let me know i want to add or delete any thing in iptables . >>> >>> http://paste.openstack.org/show/113164/ >>> >>> >>> thanks, >>> srinivas. >>> >>> >>> >>> On Fri, Sep 19, 2014 at 12:39 PM, Akilesh K <akilesh1...@gmail.com> >>> wrote: >>> >>>> The mail from Andreas was correct you need to add a rule for >>>> (ingress, tcp, port 22 and cidr 0.0.0.0/0). >>>> >>>> In case the rule is already there. check the host firewall rules using >>>> iptables -t nat -L >>>> iptables -t mangle -L >>>> iptables -t filter -L >>>> >>>> None of the tables should have any rule. >>>> >>>> On Fri, Sep 19, 2014 at 9:41 AM, Srinivasreddy R < >>>> srinivasreddy4...@gmail.com> wrote: >>>> >>>>> hi, >>>>> i have checked security group rules . >>>>> my instance is pinging to router and even a device in external >>>>> network . >>>>> mostly my problem may in host's firewall . >>>>> how can i identify which rule is dropping the ssh traffic .? >>>>> how can i confirm that ssh traffic is blocked at firewall .? >>>>> i there any way to see the firewall dropped packets ? >>>>> >>>>> thanks , >>>>> srinivas. >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> On Thu, Sep 18, 2014 at 7:36 PM, Akilesh K <akilesh1...@gmail.com> >>>>> wrote: >>>>> >>>>>> I believe you have checked the security group rules. Make sure the >>>>>> instance is able to ping the router. If yes the problem lies in your >>>>>> host's >>>>>> firewall rules. Flush the hosts iptable rules(you may take a backup >>>>>> before >>>>>> you do that). >>>>>> >>>>>> On Thu, Sep 18, 2014 at 7:32 PM, Srinivasreddy R < >>>>>> srinivasreddy4...@gmail.com> wrote: >>>>>> >>>>>>> hi , >>>>>>> thanks for your reply . >>>>>>> >>>>>>> 1. i have checked ssh server is running in instance .. >>>>>>> ssh from one instance to another is possible using private >>>>>>> network[demo-net] . >>>>>>> 2. checked ssh is running in port 22 >>>>>>> 3. telnet <ip> 22 is not working . >>>>>>> >>>>>>> >>>>>>> 4. output when i run ssh using verbose pasted at >>>>>>> >>>>>>> http://paste.openstack.org/show/112860/ >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> ================================== >>>>>>> ip tables output >>>>>>> >>>>>>> my internal network for vm is 11.0.0.x and external network is >>>>>>> 172.0.0.x >>>>>>> >>>>>>> >>>>>>> root@user-ThinkCentre-M73:/home/user# ip netns exec >>>>>>> qrouter-f6e00f94-1c6d-4cf5-8cae-319e393240fe iptables -t nat -S >>>>>>> -P PREROUTING ACCEPT >>>>>>> -P INPUT ACCEPT >>>>>>> -P OUTPUT ACCEPT >>>>>>> -P POSTROUTING ACCEPT >>>>>>> -N neutron-l3-agent-OUTPUT >>>>>>> -N neutron-l3-agent-POSTROUTING >>>>>>> -N neutron-l3-agent-PREROUTING >>>>>>> -N neutron-l3-agent-float-snat >>>>>>> -N neutron-l3-agent-snat >>>>>>> -N neutron-postrouting-bottom >>>>>>> -A PREROUTING -j neutron-l3-agent-PREROUTING >>>>>>> -A OUTPUT -j neutron-l3-agent-OUTPUT >>>>>>> -A POSTROUTING -j neutron-l3-agent-POSTROUTING >>>>>>> -A POSTROUTING -j neutron-postrouting-bottom >>>>>>> -A neutron-l3-agent-OUTPUT -d 172.0.0.7/32 -j DNAT --to-destination >>>>>>> 11.0.0.9 >>>>>>> -A neutron-l3-agent-OUTPUT -d 172.0.0.3/32 -j DNAT --to-destination >>>>>>> 11.0.0.2 >>>>>>> -A neutron-l3-agent-OUTPUT -d 172.0.0.4/32 -j DNAT --to-destination >>>>>>> 11.0.0.5 >>>>>>> -A neutron-l3-agent-POSTROUTING ! -i qg-ec80d9fb-82 ! -o >>>>>>> qg-ec80d9fb-82 -m conntrack ! --ctstate DNAT -j ACCEPT >>>>>>> -A neutron-l3-agent-PREROUTING -d 169.254.169.254/32 -p tcp -m tcp >>>>>>> --dport 80 -j REDIRECT --to-ports 9697 >>>>>>> -A neutron-l3-agent-PREROUTING -d 172.0.0.7/32 -j DNAT >>>>>>> --to-destination 11.0.0.9 >>>>>>> -A neutron-l3-agent-PREROUTING -d 172.0.0.3/32 -j DNAT >>>>>>> --to-destination 11.0.0.2 >>>>>>> -A neutron-l3-agent-PREROUTING -d 172.0.0.4/32 -j DNAT >>>>>>> --to-destination 11.0.0.5 >>>>>>> -A neutron-l3-agent-float-snat -s 11.0.0.9/32 -j SNAT --to-source >>>>>>> 172.0.0.7 >>>>>>> -A neutron-l3-agent-float-snat -s 11.0.0.2/32 -j SNAT --to-source >>>>>>> 172.0.0.3 >>>>>>> -A neutron-l3-agent-float-snat -s 11.0.0.5/32 -j SNAT --to-source >>>>>>> 172.0.0.4 >>>>>>> -A neutron-l3-agent-snat -j neutron-l3-agent-float-snat >>>>>>> -A neutron-l3-agent-snat -s 11.0.0.0/24 -j SNAT --to-source >>>>>>> 172.0.0.2 >>>>>>> -A neutron-postrouting-bottom -j neutron-l3-agent-snat >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> ===================== >>>>>>> i pasted my dump flows of br-tun at >>>>>>> http://paste.openstack.org/show/112859/ >>>>>>> >>>>>>> >>>>>>> >>>>>>> as per the doc >>>>>>> https://openstack.redhat.com/Networking_in_too_much_detail >>>>>>> >>>>>>> br-ex is connected to router , router is connected to br-int , >>>>>>> br-int is connected to bt-tun . >>>>>>> >>>>>>> i have captured at br-int . my ssh request is reaching to br-int but >>>>>>> not going through tunnel . >>>>>>> >>>>>>> please help me . >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> thanks, >>>>>>> srinivas. >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> On Wed, Sep 17, 2014 at 9:30 PM, Sajith Kariyawasam < >>>>>>> saj...@gmail.com> wrote: >>>>>>> >>>>>>>> Hi, >>>>>>>> >>>>>>>> Could be due to, >>>>>>>> ssh server is not up and running in your instance, >>>>>>>> or running in a different port rather than port 22, >>>>>>>> or, ssh port access is restricted in openstack key pair >>>>>>>> configuration >>>>>>>> >>>>>>>> You could also try telnet to check the connectivity, >>>>>>>> $ telnet <ip> 22 >>>>>>>> >>>>>>>> Thanks, >>>>>>>> Sajith >>>>>>>> >>>>>>>> >>>>>>>> On Wed, Sep 17, 2014 at 8:59 PM, Zoltán Lajos Kis < >>>>>>>> zoltan.lajos....@ericsson.com> wrote: >>>>>>>> >>>>>>>>> Hi, >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> What’s the output of running ssh with the verbose (-v) flag? >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> BR, >>>>>>>>> >>>>>>>>> Zoltan >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> *From:* Srinivasreddy R [mailto:srinivasreddy4...@gmail.com] >>>>>>>>> *Sent:* Wednesday, September 17, 2014 5:16 PM >>>>>>>>> *To:* openstack@lists.openstack.org >>>>>>>>> *Subject:* [Openstack] able to ping but not able to ssh to >>>>>>>>> instance >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> hi, >>>>>>>>> >>>>>>>>> i am able to ping my instance form external network . >>>>>>>>> >>>>>>>>> but not able to ssh to the instance . >>>>>>>>> >>>>>>>>> i am using floating ip s for ping,ssh. >>>>>>>>> >>>>>>>>> please help me . >>>>>>>>> >>>>>>>>> thanks, >>>>>>>>> srinivas. >>>>>>>>> >>>>>>>>> _______________________________________________ >>>>>>>>> Mailing list: >>>>>>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack >>>>>>>>> Post to : openstack@lists.openstack.org >>>>>>>>> Unsubscribe : >>>>>>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack >>>>>>>>> >>>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> Best Regards >>>>>>>> Sajith >>>>>>>> >>>>>>> >>>>>>> >>>>>>> _______________________________________________ >>>>>>> Mailing list: >>>>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack >>>>>>> Post to : openstack@lists.openstack.org >>>>>>> Unsubscribe : >>>>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack >>>>>>> >>>>>>> >>>>>> >>>>> >>>> >>> >> >
_______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
