[Rdo-list] snat and my WRT54G router
Dan Sneddon
dsneddon at redhat.com
Wed Mar 23 00:48:41 UTC 2016
On 03/22/2016 05:17 PM, John Alway wrote:
>
>
> On Tue, Mar 22, 2016 at 1:03 PM, Dan Sneddon <dsneddon at redhat.com> wrote:
>
> On 03/20/2016 12:11 PM, John Alway wrote:
> > Dan,
> >
> > I set everything up the way you mentioned. The network I have labeled
> > "external network" is marked as an "extnet". By which I mean, in the
> > Dashboard, under "Network Details" for my external network... It has
> > an entry "Provider Network-> Physical Network: extnet".
> >
> > I allocated a pool in the range 192.168.1.13 to 192.168.1.99 (I did
> > this because two of the computers on my physical network are
> > 192.168.1.11 and 192.168.1.12).
> >
> > The virtual router has an IP address of 192.168.1.13 on the external
> > network, and the public_subnet on the external network has a gateway of
> > 192.168.1.2.
> >
> > You're right about my physical router. Its address is 192.168.1.1
> >
> > I tried pinging from a VM to the Internet, and it still fails.
> >
> > I then tried allocating floating IPs to a VM, and it still failed to
> > ping the Internet.
> >
> > So, I'm still not solved
> >
> > Thanks for your feedback!
> >
> > Regards,
> > ...John
> >
> >
> >
> > On Sat, Mar 19, 2016 at 9:58 PM, Dan Sneddon <dsneddon at redhat.com> wrote:
> >
> > I don't think the range you are using is the problem, although you
> > should be using 192.168.1.0/24 as your
> > subnet and 192.168.1.1 as the router gateway (assuming that the WRT
> > is .1). You can set the allocation pool to a range like
> > 192.168.1.10-192.168.1.99. Also, assuming your WRT router is .1,
> > you will have to manually assign the virtual router IP (since the
> > default is .1 when you create a router on a /24 network).
> >
> > You say that your VMs are connected through a virtual router. Are
> > you using floating IPs? You can't just route the VM traffic to the
> > WRT router without SNAT on the virtual router, so make sure you set
> > that network to external.
> >
> > I suspect that the problem here might be that the virtual router
> > was using the same IP as the WRT router, or that you were doing
> > routing without SNAT because the network wasn't marked as external.
> >
> >> Dan Sneddon | Principal OpenStack Engineer |
> >> dsneddon at redhat.com
> >
> > On Mar 19, 2016, at 4:39 PM, John Alway <jalway at gmail.com> wrote:
> >
> >> Hello,
> >>
> >> I'm still not able to get snat to work (connecting to the
> >> Internet) with my RDO all-in-one installation, and I'm wondering
> >> if my router is the issue.
> >>
> >> My router is a Linksys WRT54G, which does not support a "DHCP
> >> reservation" feature. I was able to set a fixed ip on it,
> >> because there is a range available from 192.168.1.2 through to
> >> 192.168.1.99, also 192.168.1.150 through 192.168.1.254.
> >>
> >> This is according to "toomanydonuts" posting here:
> >> http://community.linksys.com/t5/Wireless-Routers/WRT54G-Static-IP-Question/td-p/152001
> >>
> >> I've been using the lower address range. Could this be the
> >> problem, or should I look elsewhere?
> >>
> >> In my setup I have two private subnets, and three VMs. I can
> >> ping between the VMs, but can't ping the Internet. A virtual
> >> router connects the subnets and external network.
> >>
> >> I set up my external subnet as 192.168.1.0/28. I use the 28 to limit the range for my
> >> router. The external range is the same as my actual physical
> >> addresses on my LAN.
> >>
> >> I should add, I'm not a network guy. I'm learning a lot of
> >> networking on the fly here.
> >>
> >> Thanks for any feedback!!
> >> ...John
> >
> >
>
> The entry you are seeing for "Provider Network->Physical Network:
> extnet" just references which physical network you are using. The
> physical network name is related to the bridge mappings. The default
> bridge mapping is "datacentre:br-ex", so when I create a Public network
> with the default settings, the physical network is "datacentre". If you
> have different bridge mappings, then you might have a different
> physical network name.
>
> The property I am referring to is "router:external=True", which I'm not
> sure you can see in the Horizon dashboard. If you source "overcloudrc"
> on the Undercloud and run "neutron net-list" and then "neutron net-show
> <network>" on the external network, you will see this property,
> like this:
>
> [stack at instack ~]$ neutron net-show public
> +---------------------------+--------------------------------------+
> | Field                     | Value                                |
> +---------------------------+--------------------------------------+
> | admin_state_up            | True                                 |
> | id                        | 9959fc21-eaea-4cc8-bd72-0e711ca36cbe |
> | mtu                       | 0                                    |
> | name                      | public                               |
> | provider:network_type     | vlan                                 |
> | provider:physical_network | datacentre                           |
> | provider:segmentation_id  | 10                                   |
> | router:external           | True                                 |
> | shared                    | False                                |
> | status                    | ACTIVE                               |
> | subnets                   | e4948277-faa0-42c8-97f7-0095d1c20bfa |
> | tenant_id                 | 497f8c12b2534fb08273f59c6c8ac2c6     |
> +---------------------------+--------------------------------------+
>
>
>
> I have an rdo all-in-one set up right now, and don't have a
> "Overcloudrc". I source "keystonerc_admin".
>
> I sourced it and checked the "neutron net-show external_network" and
> the "router:external" network entry does show "True".
>
>
>
>
>
>
> The fact that you are trying to attach to "extnet" might be the
> problem. Did you include a physical network to bridge mapping such as
> "extnet:br-ex" when you deployed using the
> --neutron-network-bridge-mappings CLI parameter?
>
> You can check the settings in
> /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini on the
> controller(s) to see what your bridge mappings are. This is the
> default:
>
> bridge_mappings = datacentre:br-ex
>
>
>
> I can't find that file. I have an "/etc/neutron/plugins/ml2"
> directory, and inside of that there is the file
> "openvswitch_agent.ini". I checked "openvswitch_agent.ini" and it
> has the following entry:
>
> bridge_mappings = extnet:br-ex
>
>
>
>
>
>
> When I create an external network, I use a command line such as this
> (if the external net is on the native VLAN):
>
> $ neutron net-create ext-net --router:external \
> --provider:physical_network datacentre \
> --provider:network_type flat
>
> If the external net is on a VLAN, then I use a command like this:
>
> $ neutron net-create ext-net --router:external \
> --provider:physical_network datacentre \
> --provider:network_type vlan \
> --provider:segmentation_id 104
>
>
>
> Mine is set up with a "provider:network_type: flat"
>
> I assume that's right. I'm not 100% sure. According to my
> research, "VLAN" is distinguished from "native VLAN" by "tagging" or
> "trunking". I assume mine is native.
>
>
>
> So double check to make sure that you have created the network with
> --router:external, and that the physical network matches the bridge
> mappings. If these things are out of sync, you will need to correct
> that, and delete and recreate the network(s).
>
> Once you have worked all that out, and you are sure that you have the
> bridge mappings such that br-ex is hosting the external network, then
> you can move on to some simple troubleshooting:
>
> * Can you ping 192.168.1.1 from the namespace of the virtual router?
> (use "ip netns list" and "ip netns exec <namespace> ping 192.168.1.1")
>
>
> This fails!
> I get a "Destination Host Unreachable" result.
>
>
>
> * Can you ping the virtual router on the external network from the WRT
> router?
>
>
> I pinged 192.168.1.13, which is the virtual router's gateway to the
> external network, and it pings fine.
>
>
>
> * Can you see the outbound packets on br-ex using "sudo tcpdump -i
> br-ex"?
>
>
> Btw, I'm on CentOS. I believe so. Just learning how to do
> this. For example, I see 192.168.1.12.5280 > 173.194.204.106.80,
> which I believe is outbound.
>
>
> I also have settings for security as follows: "All" for TCP, UDP
> and ICMP, egress and ingress.
>
> So, somehow pinging from virtual router to the physical gateway fails.
>
> regards,
> ...John
>
>
>
> --
> Dan Sneddon | Principal OpenStack Engineer
> dsneddon at redhat.com | redhat.com/openstack
> 650.254.4025 | dsneddon:irc @dxs:twitter
>
>
I didn't realize that you were on Packstack. The default external
network bridge mapping is created with the name "extnet" on Packstack.
Since you have extnet:br-ex, then your external network should have
provider:physical_network: extnet, provider:network_type: flat, and
provider:segmentation_id: null.

Did you recreate your subnet so that it is 192.168.1.0/24 instead of
192.168.1.0/28?

Being able to reach the gateway from the virtual router is a pretty
basic connectivity check, so if your WRT is accepting pings I would
focus on trying to get that to work (or maybe ping is blocked and you
have more connectivity than you realize).
--
Dan Sneddon | Principal OpenStack Engineer
dsneddon at redhat.com | redhat.com/openstack
650.254.4025 | dsneddon:irc @dxs:twitter
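
An added example, not part of the original message and not Packstack or Neutron code: a Python check of the points raised in this thread, that the external network's provider:physical_network has an entry in bridge_mappings and that the subnet's gateway and allocation pool fit the LAN. The function names and finding strings are hypothetical, and the sample table rows are constructed in the shape "neutron net-show" prints above.

```python
import ipaddress

# Constructed sample: rows in the shape `neutron net-show` prints in this thread.
NET_SHOW = """\
| Field                     | Value      |
| provider:network_type     | vlan       |
| provider:physical_network | datacentre |
| provider:segmentation_id  | 10         |
| router:external           | True       |
"""

def parse_table(text):
    """Turn '| Field | Value |' rows into a dict, skipping borders and the header."""
    rows = {}
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if line.strip().startswith("|") and len(cells) == 2 and cells[0] != "Field":
            rows[cells[0]] = cells[1]
    return rows

def parse_bridge_mappings(line):
    """'bridge_mappings = extnet:br-ex' -> {'extnet': 'br-ex'}"""
    value = line.split("=", 1)[1]
    return dict(m.strip().split(":", 1) for m in value.split(",") if m.strip())

def check_network(net, mappings):
    """Findings for the external network; an empty list means consistent."""
    found = []
    if net.get("router:external") != "True":
        found.append("not router:external")
    if net.get("provider:physical_network") not in mappings:
        found.append("physical_network has no bridge mapping")
    if net.get("provider:network_type") == "flat" and net.get("provider:segmentation_id"):
        found.append("flat network carries a segmentation_id")
    return found

def check_subnet(cidr, gateway, pool_start, pool_end, lan_router):
    """Findings for the external subnet against the physical LAN router address."""
    net = ipaddress.ip_network(cidr)
    start, end, gw, router = map(ipaddress.ip_address,
                                 (pool_start, pool_end, gateway, lan_router))
    found = []
    if gw != router:
        found.append("subnet gateway is not the LAN router")
    if start not in net or end not in net:
        found.append("allocation pool leaves the subnet")
    if start <= router <= end:
        found.append("allocation pool includes the LAN router")
    return found
```

Feed parse_table() the output of "neutron net-show <network>" and parse_bridge_mappings() the bridge_mappings line from openvswitch_agent.ini; any finding from check_network() means the network has to be deleted and recreated, as described in the thread.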