[Rdo-list] I can't get access to VM instances

Pasquale Salza pasquale.salza at gmail.com
Fri Feb 20 22:07:02 UTC 2015


Hi Rhys,
I suppose so, because these are my iptables rules:

iptables -F
iptables -t nat -F
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -A INPUT -d 172.16.58.0/24 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -d 172.16.58.0/24 -p tcp --dport ssh -j ACCEPT
iptables -A INPUT -d 172.16.58.0/24 -p tcp --dport www -j ACCEPT
iptables -A INPUT -d 172.16.58.0/24 -p tcp --dport pptp -j ACCEPT
iptables -A INPUT -d 172.16.58.0/24 -p tcp --sport domain -j ACCEPT
iptables -A INPUT -d 172.16.58.0/24 -p tcp --dport domain -j ACCEPT
iptables -A INPUT -d 172.16.58.0/24 -p udp --sport domain -j ACCEPT
iptables -A INPUT -d 172.16.58.0/24 -p udp --dport domain -j ACCEPT
iptables -A INPUT -d 172.16.58.0/24 -p gre -j ACCEPT
iptables -A INPUT -d 172.16.58.0/24 -p icmp -j ACCEPT
iptables -A INPUT -d 172.16.58.0/24 -j DROP
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
service iptables save

Firstly, do you think I planned the network organisation well? Do you have
other suggestions (best practices) with 2 interfaces?


2015-02-20 18:30 GMT+01:00 Rhys Oxenham <roxenham at redhat.com>:

> Hi Pasquale,
>
> Did you modify your security group rules to allow ICMP and/or 22:tcp
> access?
>
> Many thanks
> Rhys
>
> > On 20 Feb 2015, at 17:11, Pasquale Salza <pasquale.salza at gmail.com>
> wrote:
> >
> > Hi there, I have a lot of problems with RDO/OpenStack configuration.
> Firstly, I need to describe my network situation.
> >
> > I have 7 machines, each of them with 2 NICs. I would like to use one
> machine as a controller/network node and the others as compute nodes.
> >
> > I would like to use the eth0 to connect nodes to the internet (and get
> access by remote sessions) with the network "172.16.58.0/24", in which I
> have just 7 available IPs, and eth1 as configuration network on the network
> 10.42.100.0/42.
> >
> > This is my current configuration, for each node (varying the IPs on each
> machine):
> >
> >     eth0:
> >     DEVICE=eth0
> >     TYPE=Ethernet
> >     ONBOOT=yes
> >     BOOTPROTO=static
> >     IPADDR=172.16.58.50
> >     NETMASK=255.255.255.0
> >     GATEWAY=172.16.58.254
> >     DNS1=172.16.58.50
> >     DOMAIN=###
> >     DEFROUTE="yes"
> >
> >     eth1:
> >     DEVICE=eth1
> >     TYPE=OVSPort
> >     DEVICETYPE=ovs
> >     OVS_BRIDGE=br-ex
> >     ONBOOT=yes
> >
> >     br-ex:
> >     DEVICE=br-ex
> >     DEVICETYPE=ovs
> >     TYPE=OVSBridge
> >     BOOTPROTO=static
> >     IPADDR=10.42.100.1
> >     NETMASK=255.255.255.0
> >     ONBOOT=yes
> >
> > I'd like to have instances on 10.42.200.0/24 virtual private network
> and the remaining IPs of 10.42.100.0/24 network as floating IPs.
> >
> > These are the relevant parts of my answers.txt file:
> >
> >     CONFIG_CONTROLLER_HOST=10.42.100.1
> >     CONFIG_COMPUTE_HOSTS=10.42.100.10,10.42.100.11,10.42.100.12,10.42.100.13,10.42.100.14,10.42.100.15
> >     CONFIG_NETWORK_HOSTS=10.42.100.1
> >     CONFIG_AMQP_HOST=10.42.100.1
> >     CONFIG_MARIADB_HOST=10.42.100.1
> >     CONFIG_NOVA_COMPUTE_PRIVIF=eth1
> >     CONFIG_NOVA_NETWORK_PUBIF=eth1
> >     CONFIG_NOVA_NETWORK_PRIVIF=eth1
> >     CONFIG_NOVA_NETWORK_FIXEDRANGE=10.42.200.0/24
> >     CONFIG_NOVA_NETWORK_FLOATRANGE=10.42.100.0/24
> >     CONFIG_NEUTRON_L3_EXT_BRIDGE=br-ex
> >     CONFIG_NEUTRON_ML2_TYPE_DRIVERS=vxlan
> >     CONFIG_NEUTRON_ML2_TENANT_NETWORK_TYPES=vxlan
> >     CONFIG_NEUTRON_ML2_VNI_RANGES=10:100
> >     CONFIG_NEUTRON_LB_INTERFACE_MAPPINGS=
> >     CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS=
> >     CONFIG_NEUTRON_OVS_BRIDGE_IFACES=
> >     CONFIG_NEUTRON_OVS_TUNNEL_IF=eth1
> >
> > After the installation, I configure the network like this:
> >
> >     neutron router-create router
> >     neutron net-create private
> >     neutron subnet-create private 10.42.200.0/24 --name private-subnet
> >     neutron router-interface-add router private-subnet
> >     neutron net-create public --router:external=True
> >     neutron subnet-create public 10.42.100.0/24 --name public-subnet --enable_dhcp=False --allocation-pool start=10.42.100.100,end=10.42.100.200 --no-gateway
> >     neutron router-gateway-set router public
> >
> > I'm able to launch instances but I can't get access (ping/ssh) to them.
> >
> > I don't know if I'm doing something wrong starting from planning.
> >
> > Please, help me!
> >
>
>


-- 
Pasquale Salza

e-mail: pasquale.salza at gmail.com
phone: +39 393 4415978
fax: +39 089 8422939
skype: pasquale.salza
linkedin: http://it.linkedin.com/in/psalza/
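
An added example, not part of the original thread: a small first-match evaluator for the INPUT rules posted above, showing which destinations those host rules actually filter. They are host firewall rules and are configured separately from the Neutron security-group rules asked about in the quoted reply. The packet tuples in the test values are constructed, and `--state ESTABLISHED,RELATED` is simplified to a single boolean.

```python
import ipaddress

PORTS = {"ssh": 22, "www": 80, "pptp": 1723, "domain": 53}
NET = "172.16.58.0/24"

# INPUT rules from the post, in order:
# (destination, protocol, source port, destination port, state match, target)
RULES = [
    (NET, None, None, None, True, "ACCEPT"),       # -m state ESTABLISHED,RELATED
    (NET, "tcp", None, "ssh", False, "ACCEPT"),
    (NET, "tcp", None, "www", False, "ACCEPT"),
    (NET, "tcp", None, "pptp", False, "ACCEPT"),
    (NET, "tcp", "domain", None, False, "ACCEPT"),
    (NET, "tcp", None, "domain", False, "ACCEPT"),
    (NET, "udp", "domain", None, False, "ACCEPT"),
    (NET, "udp", None, "domain", False, "ACCEPT"),
    (NET, "gre", None, None, False, "ACCEPT"),
    (NET, "icmp", None, None, False, "ACCEPT"),
    (NET, None, None, None, False, "DROP"),
]
POLICY = "ACCEPT"  # iptables -P INPUT ACCEPT


def verdict(dst, proto, sport=None, dport=None, established=False):
    """Return (target, rule_index); rule_index is None when the chain policy decides."""
    addr = ipaddress.ip_address(dst)
    for i, (net, r_proto, r_sport, r_dport, r_state, target) in enumerate(RULES):
        if addr not in ipaddress.ip_network(net):
            continue  # -d does not match: rule is skipped
        if r_proto and r_proto != proto:
            continue
        if r_sport and PORTS[r_sport] != sport:
            continue
        if r_dport and PORTS[r_dport] != dport:
            continue
        if r_state and not established:
            continue
        return target, i
    return POLICY, None  # no rule matched: fall through to the chain policy


if __name__ == "__main__":
    # Constructed packets: one to the eth0 network, one to the br-ex network.
    print(verdict("172.16.58.50", "tcp", dport=3306))  # hits the final DROP rule
    print(verdict("10.42.100.1", "tcp", dport=3306))   # no -d match, policy ACCEPT
```

Every rule is scoped with `-d 172.16.58.0/24`, so traffic addressed to the 10.42.100.0/24 side never matches and is decided by the ACCEPT policy.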