I guess the, masquerade should be on br100 Regards, yatin
On Mon, Dec 29, 2014 at 9:23 PM, Kyle R <k.w.ritch...@gmail.com> wrote: > What do your security rules look like for that project/tenant? > > On Mon, Dec 29, 2014 at 9:51 AM, somshekar kadam <som_ka...@yahoo.co.in> > wrote: > >> Hello All, >> >> I have openstack instance able to ping compute/controller and other hosts >> in the network. >> Not able to ping google.com >> My external network is 10.10.126.xx >> >> able to ping 10.10.126.1 gateway >> >> able to ping host controller 10.10.126.62 which also nova compute >> able to ping other hosts 10.10.126.54 and other machines in network. >> able to ping br100 and virbr0 >> >> enabled /etc/sysctl.conf to contain the following: net.ipv4.ip_forward=1 >> and also enabled masquerading in the iptables >> iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE >> >> internal IP of instance is 10.4.128.2 and floating IP assigned is >> 10.10.126.129 >> On instance route command >> [root@newtry fedora]# route -n >> Kernel IP routing table >> Destination Gateway Genmask Flags Metric Ref Use >> Iface >> 0.0.0.0 10.4.128.3 0.0.0.0 UG 0 0 0 >> eth0 >> 10.4.128.0 0.0.0.0 255.255.240.0 U 0 0 0 >> eth0 >> [root@newtry fedora]# >> >> on the controller machine >> stack@celestial-PC-1:~$ route -n >> Kernel IP routing table >> Destination Gateway Genmask Flags Metric Ref Use >> Iface >> 0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 >> wlan0 >> 10.4.128.0 0.0.0.0 255.255.240.0 U 0 0 0 >> br100 >> 10.10.126.0 0.0.0.0 255.255.255.0 U 0 0 0 >> br100 >> 192.168.1.0 0.0.0.0 255.255.255.0 U 9 0 0 >> wlan0 >> 192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 >> virbr0 >> stack@celestial-PC-1:~$ >> >> >> >> on instance >> [root@newtry fedora]# ip addr >> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group >> default >> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 >> inet 127.0.0.1/8 scope host lo >> valid_lft forever preferred_lft forever >> inet6 ::1/128 scope host >> valid_lft forever preferred_lft forever >> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast >> state UP group default qlen 1000 >> link/ether fa:16:3e:20:e6:e5 brd ff:ff:ff:ff:ff:ff >> inet 10.4.128.2/20 brd 10.4.143.255 scope global eth0 >> valid_lft forever preferred_lft forever >> inet6 fe80::f816:3eff:fe20:e6e5/64 scope link >> valid_lft forever preferred_lft forever >> [root@newtry fedora]# >> >> >> what is missing not able to ping google.com from instance >> please help on this with your valuable suggestions >> >> thanks in advance >> >> >> Regards >> Neelu >> >> >> >> >> _______________________________________________ >> Mailing list: >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack >> Post to : openstack@lists.openstack.org >> Unsubscribe : >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack >> >> > > _______________________________________________ > Mailing list: > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > Post to : openstack@lists.openstack.org > Unsubscribe : > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > >
_______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
