Two networks, one is reachable, the other is not. Why?

Asked by Havent

I have created two networks under Nova+Quantum+Openvswitch: 10.10.10.0/24 and 8.8.8.0/24. I created VMs under both of the two networks. But the 10.10.10.0 network is reachable, the other is not.
My configuration is as below:

1)
Nova services:
# nova-manage service list
2012-05-15 09:30:38 DEBUG nova.utils [req-6daf33ee-b4cb-48fd-bf9f-6e346faf3bbf None None] backend <module 'nova.db.sqlalchemy.api' from '/usr/lib/python2.7/dist-packages/nova/db/sqlalchemy/api.pyc'> from (pid=9555) __get_backend /usr/lib/python2.7/dist-packages/nova/utils.py:658
Binary Host Zone Status State Updated_At
nova-compute cc202 nova enabled :-) 2012-05-15 01:30:29
nova-network cc202 nova enabled :-) 2012-05-15 01:30:37
nova-scheduler cc202 nova enabled :-) 2012-05-15 01:30:37
nova-consoleauth cc202 nova enabled :-) 2012-05-15 01:30:37

2)
Nova networks:
# nova-manage network list
id IPv4 IPv6 start address DNS1 DNS2 VlanID project uuid
2012-05-15 09:31:53 DEBUG nova.utils [req-a83b7b23-bc86-42f1-a67e-52c09951ff2e None None] backend <module 'nova.db.sqlalchemy.api' from '/usr/lib/python2.7/dist-packages/nova/db/sqlalchemy/api.pyc'> from (pid=9820) __get_backend /usr/lib/python2.7/dist-packages/nova/utils.py:658
10 10.10.10.0/24 None 10.10.10.2 8.8.4.4 None None None 9bfef0dc-e1d6-41fa-bf0c-4ed7db2a2f70
11 8.8.8.0/24 None 8.8.8.2 8.8.4.4 None None None 590be7b5-0d57-4a11-82ae-0bdc94dfd34c

3)
VMs:
# nova list
+--------------------------------------+----------------------------+--------+-------------------+
| ID | Name | Status | Networks |
+--------------------------------------+----------------------------+--------+-------------------+
| 2ed0ae69-8e90-4bc0-985b-9452a1b14521 | ubuntu1204_ci_amd64 | ACTIVE | public=10.10.10.2 |
| 81b0c4fe-4ab3-4897-a4d4-ad434f5b0e95 | ubuntu1204_ci_amd64_02 | ACTIVE | public=10.10.10.3 |
| 8ed69dd6-c0a2-4273-93d5-fd3fd8b2d146 | ubuntu1204_ci_amd64_public | ACTIVE | public=8.8.8.2 |
+--------------------------------------+----------------------------+--------+-------------------+

4)
Network connectivity:
root@cc202:/var/log/nova# ping 10.10.10.2
PING 10.10.10.2 (10.10.10.2) 56(84) bytes of data.
64 bytes from 10.10.10.2: icmp_req=1 ttl=64 time=0.261 ms
64 bytes from 10.10.10.2: icmp_req=2 ttl=64 time=0.328 ms
64 bytes from 10.10.10.2: icmp_req=3 ttl=64 time=0.293 ms
64 bytes from 10.10.10.2: icmp_req=4 ttl=64 time=0.292 ms

# ping 8.8.8.2
PING 8.8.8.2 (8.8.8.2) 56(84) bytes of data.
From 10.131.0.244 icmp_seq=1 Destination Host Unreachable
From 10.131.0.244 icmp_seq=2 Destination Host Unreachable
From 10.131.0.244 icmp_seq=3 Destination Host Unreachable
^C
--- 8.8.8.2 ping statistics ---
6 packets transmitted, 0 received, +3 errors, 100% packet loss, time 4999ms
pipe 3

But,
# ping 8.8.8.1
PING 8.8.8.1 (8.8.8.1) 56(84) bytes of data.
64 bytes from 8.8.8.1: icmp_req=1 ttl=64 time=0.055 ms
64 bytes from 8.8.8.1: icmp_req=2 ttl=64 time=0.045 ms
64 bytes from 8.8.8.1: icmp_req=3 ttl=64 time=0.045 ms
^C
--- 8.8.8.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1998ms

I wonder how this situation happened? Thanks.

Question information

Language: English
Status: Solved
For: neutron
Assignee: Somik Behera
Solved by: Somik Behera

Havent (guestly) said :
#1

Plus, my nova conf is as below:

--dhcpbridge_flagfile=/etc/nova/nova.conf
--dhcpbridge=/usr/bin/nova-dhcpbridge
--logdir=/var/log/nova
--state_path=/var/lib/nova
--lock_path=/var/lock/nova
#--force_dhcp_release
#--iscsi_helper=tgtadm
#--libvirt_use_virtio_for_bridges
#--connection_type=libvirt
--root_helper=sudo nova-rootwrap
#--verbose
#--ec2_private_dns_show_ip
--quantum_use_dhcp=true

# LOGS/STATE
--verbose=True

# AUTHENTICATION
--auth_strategy=keystone

# SCHEDULER
--compute_scheduler_driver=nova.scheduler.filter_scheduler.FilterScheduler
--scheduler_default_filters=AllHostsFilter

# VOLUMES
--volume_group=nova-volumes
--volume_name_template=volume-%08x
--iscsi_helper=tgtadm

# DATABASE
--sql_connection=mysql://nova:passwd@10.131.0.244/nova

# COMPUTE
--libvirt_type=kvm
--connection_type=libvirt
--instance_name_template=instance-%08x
--api_paste_config=/etc/nova/api-paste.ini
--allow_resize_to_same_host=True

--libvirt_ovs_bridge=br-int
--libvirt_vif_type=ethernet
--libvirt_vif_driver=nova.virt.libvirt.vif.LibvirtOpenVswitchDriver

# APIS
--osapi_compute_extension=nova.api.openstack.compute.contrib.standard_extensions
--ec2_dmz_host=10.131.0.244
--s3_host=10.131.0.244

#RABBITMQ
--rabbit_host=localhost
--rabbit_password=guest

# GLANCE
--image_service=nova.image.glance.GlanceImageService
--glance_api_servers=10.131.0.244:9292

# NETWORK
#--network_manager=nova.network.manager.FlatDHCPManager
--network_manager=nova.network.quantum.manager.QuantumManager
--linuxnet_interface_driver=nova.network.linux_net.LinuxOVSInterfaceDriver
--force_dhcp_release=True
--dhcpbridge_flagfile=/etc/nova/nova.conf
#--firewall_driver=nova.virt.libvirt.firewall.IptablesFirewallDriver
--my_ip=10.131.0.244
--public_interface=br100
--vlan_interface=eth0
--flat_network_bridge=br100
--flat_interface=eth0
--fixed_range=192.168.200.0/24

# NOVNC CONSOLE
--novncproxy_base_url=http://10.131.0.244:6080/vnc_auto.html
--vncserver_proxyclient_address=10.131.0.244
--vncserver_listen=10.131.0.244

Havent (guestly) said :
#2

And Dashboard instance log is as below:

ci-info: lo : 1 127.0.0.1 255.0.0.0 .

ci-info: eth0 : 1 10.10.10.31 255.255.255.0 fa:16:3e:67:10:e2

ci-info: route-0: 0.0.0.0 10.10.10.1 0.0.0.0 eth0 UG

ci-info: route-1: 10.10.10.0 0.0.0.0 255.255.255.0 eth0 U

cloud-init start running: Mon, 14 May 2012 09:34:57 +0000. up 8.18 seconds

2012-05-14 09:34:57,596 - util.py[WARNING]: 'http://169.254.169.254/2009-04-04/meta-data/instance-id' failed [0/120s]: http error [404]

2012-05-14 09:34:58,652 - util.py[WARNING]: 'http://169.254.169.254/2009-04-04/meta-data/instance-id' failed [1/120s]: http error [404]

2012-05-14 09:34:59,704 - util.py[WARNING]: 'http://169.254.169.254/2009-04-04/meta-data/instance-id' failed [2/120s]: http error [404]

2012-05-14 09:35:00,755 - util.py[WARNING]: 'http://169.254.169.254/2009-04-04/meta-data/instance-id' failed [3/120s]: http error [404]

2012-05-14 09:35:01,813 - util.py[WARNING]: 'http://169.254.169.254/2009-04-04/meta-data/instance-id' failed [4/120s]: http error [404]

2012-05-14 09:35:02,868 - util.py[WARNING]: 'http://169.254.169.254/2009-04-04/meta-data/instance-id' failed [5/120s]: http error [404]

2012-05-14 09:35:04,920 - util.py[WARNING]: 'http://169.254.169.254/2009-04-04/meta-data/instance-id' failed [7/120s]: http error [404]

2012-05-14 09:35:06,983 - util.py[WARNING]: 'http://169.254.169.254/2009-04-04/meta-data/instance-id' failed [9/120s]: http error [404]

2012-05-14 09:35:59,038 - util.py[WARNING]: 'http://169.254.169.254/2009-04-04/meta-data/instance-id' failed [61/120s]: url error [timed out]

2012-05-14 09:36:51,092 - util.py[WARNING]: 'http://169.254.169.254/2009-04-04/meta-data/instance-id' failed [113/120s]: url error [timed out]

2012-05-14 09:36:57,101 - util.py[WARNING]: 'http://169.254.169.254/2009-04-04/meta-data/instance-id' failed [119/120s]: url error [timed out]

2012-05-14 09:37:00,106 - DataSourceEc2.py[CRITICAL]: giving up on md after 122 seconds

no instance data found in start

Skipping profile in /etc/apparmor.d/disable: usr.sbin.rsyslogd

 * Starting AppArmor profiles [ OK ]

landscape-client is not configured, please run landscape-config.

 * Stopping System V initialisation compatibility [ OK ]

 * Starting System V runlevel compatibility [ OK ]

 * Starting ACPI daemon [ OK ]

 * Starting save kernel messages [ OK ]

 * Starting regular background program processing daemon [ OK ]

 * Starting deferred execution scheduler [ OK ]

 * Starting automatic crash report generation [ OK ]

 * Stopping save kernel messages [ OK ]

 * Starting CPU interrupts balancing daemon [ OK ]

 * Starting crash report submission daemon [ OK ]

 * Stopping System V runlevel compatibility [ OK ]

 * Starting execute cloud user/final scripts [ OK ]

Havent (guestly) said :
#3

ifconfig
br100 Link encap:Ethernet HWaddr 4a:a8:3d:2a:ac:3c
          inet addr:192.168.200.1 Bcast:192.168.200.255 Mask:255.255.255.0
          inet6 addr: fe80::48a8:3dff:fe2a:ac3c/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2679 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B) TX bytes:229770 (229.7 KB)

eth0 Link encap:Ethernet HWaddr d0:67:e5:23:96:ab
          inet addr:10.131.0.244 Bcast:10.131.255.255 Mask:255.252.0.0
          inet6 addr: fe80::d267:e5ff:fe23:96ab/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:282761 errors:0 dropped:0 overruns:0 frame:0
          TX packets:76570 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:104524868 (104.5 MB) TX bytes:11436816 (11.4 MB)
          Interrupt:40 Base address:0xa000

eth1 Link encap:Ethernet HWaddr 00:1b:21:c6:35:b4
          inet addr:10.10.10.48 Bcast:10.10.10.255 Mask:255.255.255.0
          inet6 addr: fe80::21b:21ff:fec6:35b4/64 Scope:Link
          UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
          RX packets:81467 errors:0 dropped:0 overruns:0 frame:0
          TX packets:23025 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:7907282 (7.9 MB) TX bytes:3998962 (3.9 MB)
          Interrupt:18 Memory:e10c0000-e10e0000

gw-590be7b5-0d Link encap:Ethernet HWaddr fa:16:3e:11:d4:b0
          inet addr:8.8.8.1 Bcast:8.8.8.255 Mask:255.255.255.0
          inet6 addr: fe80::f816:3eff:fe11:d4b0/64 Scope:Link
          UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
          RX packets:25003 errors:0 dropped:0 overruns:0 frame:0
          TX packets:843 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:4430540 (4.4 MB) TX bytes:35622 (35.6 KB)

gw-9bfef0dc-e1 Link encap:Ethernet HWaddr fa:16:3e:0b:c9:47
          inet addr:10.10.10.1 Bcast:10.10.10.255 Mask:255.255.255.0
          inet6 addr: fe80::f816:3eff:fe0b:c947/64 Scope:Link
          UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
          RX packets:81653 errors:0 dropped:0 overruns:0 frame:0
          TX packets:79860 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:10206939 (10.2 MB) TX bytes:91187083 (91.1 MB)

lo Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING MTU:16436 Metric:1
          RX packets:3913403 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3913403 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:2457263572 (2.4 GB) TX bytes:2457263572 (2.4 GB)

tap310e70c6-69 Link encap:Ethernet HWaddr e2:1a:8f:26:ff:b3
          inet6 addr: fe80::e01a:8fff:fe26:ffb3/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:23158 errors:0 dropped:0 overruns:0 frame:0
          TX packets:54725 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500
          RX bytes:2753498 (2.7 MB) TX bytes:29934944 (29.9 MB)

tap784db0ba-d4 Link encap:Ethernet HWaddr d6:6f:8c:fc:25:2b
          inet6 addr: fe80::d46f:8cff:fefc:252b/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:50440 errors:0 dropped:0 overruns:0 frame:0
          TX packets:93205 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500
          RX bytes:5941451 (5.9 MB) TX bytes:71098207 (71.0 MB)

tap8c768c0a-ae Link encap:Ethernet HWaddr ea:03:ca:09:cf:b0
          inet6 addr: fe80::e803:caff:fe09:cfb0/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1044 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500
          RX bytes:0 (0.0 B) TX bytes:167170 (167.1 KB)

tapbf4b7d36-87 Link encap:Ethernet HWaddr a6:26:3f:1f:eb:0e
          inet6 addr: fe80::a426:3fff:fe1f:eb0e/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:1031 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2179 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500
          RX bytes:131960 (131.9 KB) TX bytes:292702 (292.7 KB)

tapda4311e2-3f Link encap:Ethernet HWaddr 56:7c:9d:db:d6:17
          inet6 addr: fe80::547c:9dff:fedb:d617/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:344 errors:0 dropped:0 overruns:0 frame:0
          TX packets:26013 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500
          RX bytes:67012 (67.0 KB) TX bytes:4489857 (4.4 MB)

virbr0 Link encap:Ethernet HWaddr 1a:40:a3:1a:4e:99
          inet addr:192.168.122.1 Bcast:192.168.122.255 Mask:255.255.255.0
          UP BROADCAST MULTICAST MTU:1500 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

Havent (guestly) said :
#4

New information:
# nova list
+--------------------------------------+-----------------------------+--------+-----------------------------------------------------+
| ID | Name | Status | Networks |
+--------------------------------------+-----------------------------+--------+-----------------------------------------------------+
| 2ed0ae69-8e90-4bc0-985b-9452a1b14521 | ubuntu1204_ci_amd64 | ACTIVE | public=10.10.10.2 |
| 33e6db32-fe06-4da0-ba7c-03e13bd38574 | ubuntu1204_ci_amd64_private | ACTIVE | tenantX-private=6.6.6.2; public=10.10.10.5, 8.8.8.4 |
| 61068ce5-db4d-4851-a1bc-7cfb4aade0f7 | ubuntu1204_ci_amd64_public2 | ACTIVE | public=10.10.10.4, 8.8.8.3 |
| 81b0c4fe-4ab3-4897-a4d4-ad434f5b0e95 | ubuntu1204_ci_amd64_02 | ACTIVE | public=10.10.10.3 |
| 8ed69dd6-c0a2-4273-93d5-fd3fd8b2d146 | ubuntu1204_ci_amd64_public | ACTIVE | public=8.8.8.2 |
+--------------------------------------+-----------------------------+--------+-----------------------------------------------------+

# ssh -i .ssh/id_rsa ubuntu@10.10.10.5

ubuntu@ubuntu1204-ci-amd64-private:~$ ifconfig
eth0 Link encap:Ethernet HWaddr fa:16:3e:0d:45:95
          inet addr:10.10.10.5 Bcast:10.10.10.255 Mask:255.255.255.0
          inet6 addr: fe80::f816:3eff:fe0d:4595/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:384 errors:0 dropped:0 overruns:0 frame:0
          TX packets:323 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:58009 (58.0 KB) TX bytes:45933 (45.9 KB)
          Interrupt:11 Base address:0xa000

lo Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING MTU:16436 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

It only has one vNIC, eth0, but ...

Mohammad Banikazemi (mb-s) said :
#5

Looks similar to the problem I reported a while back:
https://answers.launchpad.net/quantum/+question/190861

Havent (guestly) said :
#6

Maybe it has something to do with SNAT, but I really don't know why it doesn't work and why it has an SNAT item while creating VMs.
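
Added example (not part of any poster's message and not Nova's own code): a way to check the SNAT question raised in #6 by walking the nat table's POSTROUTING path for one source/destination pair and by diffing the SNAT rules of two `iptables-save` snapshots. The sample rules are trimmed from the dump posted in #9; the function names are hypothetical, and rules with extra matches (`-p`, `-m`, `-i`, `-o`) are only reported as "conditional", not evaluated.

```python
import ipaddress
import shlex

# Sample nat table, trimmed from the iptables-save dump posted in #9.
# BEFORE and AFTER differ only in the nova-manage-snat source network.
NAT_TEMPLATE = """\
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -j nova-network-POSTROUTING
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
-A POSTROUTING -j nova-postrouting-bottom
-A nova-manage-snat -j nova-manage-float-snat
-A nova-manage-snat -s {manage_net} -j SNAT --to-source 10.131.0.244
-A nova-network-POSTROUTING -s 192.168.200.0/24 -d 10.131.0.244/32 -j ACCEPT
-A nova-network-POSTROUTING -s 192.168.200.0/24 -d 192.168.200.0/24 -m conntrack ! --ctstate DNAT -j ACCEPT
-A nova-network-snat -j nova-network-float-snat
-A nova-network-snat -s 192.168.200.0/24 -j SNAT --to-source 10.131.0.244
-A nova-network-snat -s 8.8.8.0/24 -j SNAT --to-source 10.131.0.244
-A nova-postrouting-bottom -j nova-network-snat
-A nova-postrouting-bottom -j nova-manage-snat
COMMIT
"""
BEFORE = NAT_TEMPLATE.format(manage_net="192.168.207.0/24")
AFTER = NAT_TEMPLATE.format(manage_net="192.168.208.0/24")

TERMINAL = {"ACCEPT", "DROP", "SNAT", "DNAT", "MASQUERADE"}


def parse_nat_rules(dump):
    """Parse the '-A' lines of the *nat section of an iptables-save dump."""
    rules, in_nat = [], False
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith("*"):
            in_nat = line == "*nat"
        elif in_nat and line.startswith("-A "):
            tok = shlex.split(line)
            rule = {"chain": tok[1], "src": None, "dst": None, "target": None,
                    "to_source": None, "conditional": False, "raw": line}
            i, negate = 2, False
            while i < len(tok):
                t = tok[i]
                if t == "!":            # negation applies to the next option
                    negate, i = True, i + 1
                    continue
                if t in ("-s", "-d"):
                    net = ipaddress.ip_network(tok[i + 1], strict=False)
                    rule["src" if t == "-s" else "dst"] = (net, negate)
                    i += 1
                elif t == "-j":
                    rule["target"] = tok[i + 1]
                    i += 1
                elif t == "--to-source":
                    rule["to_source"] = tok[i + 1]
                    i += 1
                elif t in ("-p", "-m", "-i", "-o"):
                    rule["conditional"] = True   # match we do not evaluate
                negate = False
                i += 1
            rules.append(rule)
    return rules


def _addr_ok(spec, addr):
    if spec is None:
        return True
    net, negate = spec
    return (addr in net) != negate


def _walk(by_chain, chain, src, dst, maybe, depth=0):
    if depth > 16:                       # guard against jump loops
        return None
    for r in by_chain.get(chain, []):
        if not (_addr_ok(r["src"], src) and _addr_ok(r["dst"], dst)):
            continue
        if r["conditional"]:
            maybe.append(r)              # might match; needs a manual look
            continue
        if r["target"] == "RETURN":
            return None
        if r["target"] in TERMINAL:
            return r
        hit = _walk(by_chain, r["target"], src, dst, maybe, depth + 1)
        if hit:
            return hit
    return None


def trace_postrouting(dump, src, dst):
    """Return (first unconditional terminal rule or None, conditional rules seen)."""
    by_chain = {}
    for r in parse_nat_rules(dump):
        by_chain.setdefault(r["chain"], []).append(r)
    maybe = []
    hit = _walk(by_chain, "POSTROUTING", ipaddress.ip_address(src),
                ipaddress.ip_address(dst), maybe)
    return hit, maybe


def snat_diff(before_dump, after_dump):
    """Return (removed, added) SNAT rules as (chain, source net, to-source)."""
    def snat(dump):
        return {(r["chain"], str(r["src"][0]) if r["src"] else "any", r["to_source"])
                for r in parse_nat_rules(dump) if r["target"] == "SNAT"}
    b, a = snat(before_dump), snat(after_dump)
    return sorted(b - a), sorted(a - b)


if __name__ == "__main__":
    for src, dst in [("8.8.8.2", "10.131.0.1"), ("192.168.208.2", "10.131.0.1")]:
        hit, maybe = trace_postrouting(AFTER, src, dst)
        print(src, "->", dst, ":", hit["raw"] if hit else "no NAT rule matched")
    print("SNAT rules removed/added:", snat_diff(BEFORE, AFTER))
```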

Best Somik Behera (somikbehera) said :
#7

Hi Havent,

Based on your environment details, you have two shared networks:

1) 10.10.10.0/24 -> gateway @ 10.10.10.1
2) 8.8.8.0/24 ->gateway @ 8.8.8.1

Since you have created both of these networks as "shared"/public networks, any VM on any network can ping the gateways, which is what you are seeing.

Second, the VMs on the 10.10.10.0/24 network don't seem to have an IP on the 8.8.8.0/24 network, based on your 'nova list' output. This can be due to incompatibility with your guest image or the way you are spinning up the VMs (the command or API call to launch the VM). It would be helpful if you can provide that command or API call as well.

I also noticed that you were using FlatDHCPManager before QuantumManager. In order to migrate from FlatDHCPManager to QuantumManager, you are required to delete all networks and VMs created using FlatDHCPManager before re-launching nova-network with QuantumManager.

Another question for you, are you using Nova DHCP or Fixed IP for IP assignment?

Thanks,

s0mik

================== Your environment=======
# nova list
+--------------------------------------+----------------------------+--------+-------------------+
| ID | Name | Status | Networks |
+--------------------------------------+----------------------------+--------+-------------------+
| 2ed0ae69-8e90-4bc0-985b-9452a1b14521 | ubuntu1204_ci_amd64 | ACTIVE | public=10.10.10.2 |
| 81b0c4fe-4ab3-4897-a4d4-ad434f5b0e95 | ubuntu1204_ci_amd64_02 | ACTIVE | public=10.10.10.3 |
| 8ed69dd6-c0a2-4273-93d5-fd3fd8b2d146 | ubuntu1204_ci_amd64_public | ACTIVE | public=8.8.8.2 |
+--------------------------------------+----------------------------+--------+-------------------+

4)
Network connectivity:
root@cc202:/var/log/nova# ping 10.10.10.2
PING 10.10.10.2 (10.10.10.2) 56(84) bytes of data.
64 bytes from 10.10.10.2: icmp_req=1 ttl=64 time=0.261 ms
64 bytes from 10.10.10.2: icmp_req=2 ttl=64 time=0.328 ms
64 bytes from 10.10.10.2: icmp_req=3 ttl=64 time=0.293 ms
64 bytes from 10.10.10.2: icmp_req=4 ttl=64 time=0.292 ms

# ping 8.8.8.2
PING 8.8.8.2 (8.8.8.2) 56(84) bytes of data.
From 10.131.0.244 icmp_seq=1 Destination Host Unreachable
From 10.131.0.244 icmp_seq=2 Destination Host Unreachable
From 10.131.0.244 icmp_seq=3 Destination Host Unreachable
^C
--- 8.8.8.2 ping statistics ---
6 packets transmitted, 0 received, +3 errors, 100% packet loss, time 4999ms
pipe 3

But,
# ping 8.8.8.1
PING 8.8.8.1 (8.8.8.1) 56(84) bytes of data.
64 bytes from 8.8.8.1: icmp_req=1 ttl=64 time=0.055 ms
64 bytes from 8.8.8.1: icmp_req=2 ttl=64 time=0.045 ms
64 bytes from 8.8.8.1: icmp_req=3 ttl=64 time=0.045 ms
^C
--- 8.8.8.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1998ms

I wonder how this situation happened? Thanks.

dan wendlandt (danwent) said :
#8

Have you accessed ubuntu1204_ci_amd64_public (8.8.8.2) via VNC console and confirmed that the host received an IP?

If you can do that, I would tcpdump on the tap device associated with that VM and see what traffic is coming in and out to narrow down where the problem might be.

Dan

Havent (guestly) said :
#9

I have a similar problem with another problem:
I also have this problem. I found that my iptables has a new rule after I created a network 192.168.208.0/24 and a VM 8.8.8.6/192.168.208.2, and I can ping 8.8.8.6 but cannot ping 192.168.208.2:

-A nova-manage-snat -s 192.168.208.0/24 -j SNAT --to-source 10.131.0.244

When I delete this rule, I can ping 192.168.208.2, and when I create a new network and new VM, this rule was replaced by the new network.

Below are my iptables rules BEFORE CREATING NETWORK, AFTER CREATING NETWORK and AFTER CREATING VM:

BEFORE CREATING NETWORK:
# Generated by iptables-save v1.4.12 on Wed May 16 14:51:31 2012
*mangle
:PREROUTING ACCEPT [245736:216294003]
:INPUT ACCEPT [57864:32422084]
:FORWARD ACCEPT [184175:182659303]
:OUTPUT ACCEPT [53384:31506313]
:POSTROUTING ACCEPT [237564:214167256]
-A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
COMMIT
# Completed on Wed May 16 14:51:31 2012
# Generated by iptables-save v1.4.12 on Wed May 16 14:51:31 2012
*nat
:PREROUTING ACCEPT [135:35818]
:INPUT ACCEPT [54:10054]
:OUTPUT ACCEPT [22:1351]
:POSTROUTING ACCEPT [22:1351]
:nova-api-OUTPUT - [0:0]
:nova-api-POSTROUTING - [0:0]
:nova-api-PREROUTING - [0:0]
:nova-api-float-snat - [0:0]
:nova-api-snat - [0:0]
:nova-compute-OUTPUT - [0:0]
:nova-compute-POSTROUTING - [0:0]
:nova-compute-PREROUTING - [0:0]
:nova-compute-float-snat - [0:0]
:nova-compute-snat - [0:0]
:nova-manage-OUTPUT - [0:0]
:nova-manage-POSTROUTING - [0:0]
:nova-manage-PREROUTING - [0:0]
:nova-manage-float-snat - [0:0]
:nova-manage-snat - [0:0]
:nova-network-OUTPUT - [0:0]
:nova-network-POSTROUTING - [0:0]
:nova-network-PREROUTING - [0:0]
:nova-network-float-snat - [0:0]
:nova-network-snat - [0:0]
:nova-postrouting-bottom - [0:0]
-A PREROUTING -j nova-compute-PREROUTING
-A PREROUTING -j nova-network-PREROUTING
-A PREROUTING -j nova-manage-PREROUTING
-A PREROUTING -j nova-api-PREROUTING
-A OUTPUT -j nova-compute-OUTPUT
-A OUTPUT -j nova-network-OUTPUT
-A OUTPUT -j nova-manage-OUTPUT
-A OUTPUT -j nova-api-OUTPUT
-A POSTROUTING -j nova-compute-POSTROUTING
-A POSTROUTING -j nova-network-POSTROUTING
-A POSTROUTING -j nova-manage-POSTROUTING
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
-A POSTROUTING -j nova-api-POSTROUTING
-A POSTROUTING -j nova-postrouting-bottom
-A nova-api-snat -j nova-api-float-snat
-A nova-compute-snat -j nova-compute-float-snat
-A nova-manage-snat -j nova-manage-float-snat
-A nova-manage-snat -s 192.168.207.0/24 -j SNAT --to-source 10.131.0.244
-A nova-network-POSTROUTING -s 192.168.200.0/24 -d 10.131.0.244/32 -j ACCEPT
-A nova-network-POSTROUTING -s 192.168.200.0/24 -d 10.128.0.0/24 -j ACCEPT
-A nova-network-POSTROUTING -s 192.168.200.0/24 -d 192.168.200.0/24 -m conntrack ! --ctstate DNAT -j ACCEPT
-A nova-network-PREROUTING -d 169.254.169.254/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.131.0.244:8775
-A nova-network-snat -j nova-network-float-snat
-A nova-network-snat -s 192.168.200.0/24 -j SNAT --to-source 10.131.0.244
-A nova-network-snat -s 8.8.8.0/24 -j SNAT --to-source 10.131.0.244
-A nova-network-snat -s 7.7.7.0/24 -j SNAT --to-source 10.131.0.244
-A nova-network-snat -s 9.9.9.0/24 -j SNAT --to-source 10.131.0.244
-A nova-network-snat -s 192.168.201.0/24 -j SNAT --to-source 10.131.0.244
-A nova-network-snat -s 192.168.202.0/24 -j SNAT --to-source 10.131.0.244
-A nova-network-snat -s 192.168.203.0/24 -j SNAT --to-source 10.131.0.244
-A nova-network-snat -s 192.168.204.0/24 -j SNAT --to-source 10.131.0.244
-A nova-network-snat -s 192.168.205.0/24 -j SNAT --to-source 10.131.0.244
-A nova-network-snat -s 6.6.6.0/24 -j SNAT --to-source 10.131.0.244
-A nova-network-snat -s 5.5.5.0/24 -j SNAT --to-source 10.131.0.244
-A nova-network-snat -s 18.18.18.0/24 -j SNAT --to-source 10.131.0.244
-A nova-postrouting-bottom -j nova-compute-snat
-A nova-postrouting-bottom -j nova-network-snat
-A nova-postrouting-bottom -j nova-manage-snat
-A nova-postrouting-bottom -j nova-api-snat
COMMIT
# Completed on Wed May 16 14:51:31 2012
# Generated by iptables-save v1.4.12 on Wed May 16 14:51:31 2012
*filter
:INPUT ACCEPT [4078:2021343]
:FORWARD ACCEPT [5005:306502]
:OUTPUT ACCEPT [3747:2009987]
:nova-api-FORWARD - [0:0]
:nova-api-INPUT - [0:0]
:nova-api-OUTPUT - [0:0]
:nova-api-local - [0:0]
:nova-compute-FORWARD - [0:0]
:nova-compute-INPUT - [0:0]
:nova-compute-OUTPUT - [0:0]
:nova-compute-inst-54 - [0:0]
:nova-compute-inst-55 - [0:0]
:nova-compute-inst-56 - [0:0]
:nova-compute-inst-57 - [0:0]
:nova-compute-inst-58 - [0:0]
:nova-compute-inst-59 - [0:0]
:nova-compute-local - [0:0]
:nova-compute-provider - [0:0]
:nova-compute-sg-fallback - [0:0]
:nova-filter-top - [0:0]
:nova-manage-FORWARD - [0:0]
:nova-manage-INPUT - [0:0]
:nova-manage-OUTPUT - [0:0]
:nova-manage-local - [0:0]
:nova-network-FORWARD - [0:0]
:nova-network-INPUT - [0:0]
:nova-network-OUTPUT - [0:0]
:nova-network-local - [0:0]
-A INPUT -j nova-compute-INPUT
-A INPUT -j nova-network-INPUT
-A INPUT -j nova-manage-INPUT
-A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
-A INPUT -j nova-api-INPUT
-A INPUT -p gre -j ACCEPT
-A FORWARD -j nova-filter-top
-A FORWARD -j nova-compute-FORWARD
-A FORWARD -j nova-network-FORWARD
-A FORWARD -j nova-manage-FORWARD
-A FORWARD -d 192.168.122.0/24 -o virbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT
-A FORWARD -i virbr0 -o virbr0 -j ACCEPT
-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -j nova-api-FORWARD
-A OUTPUT -j nova-filter-top
-A OUTPUT -j nova-compute-OUTPUT
-A OUTPUT -j nova-network-OUTPUT
-A OUTPUT -j nova-manage-OUTPUT
-A OUTPUT -j nova-api-OUTPUT
-A nova-api-INPUT -d 10.131.0.244/32 -p tcp -m tcp --dport 8775 -j ACCEPT
-A nova-compute-inst-54 -m state --state INVALID -j DROP
-A nova-compute-inst-54 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A nova-compute-inst-54 -j nova-compute-provider
-A nova-compute-inst-54 -s 8.8.8.1/32 -p udp -m udp --sport 67 --dport 68 -j ACCEPT
-A nova-compute-inst-54 -s 9.9.9.1/32 -p udp -m udp --sport 67 --dport 68 -j ACCEPT
-A nova-compute-inst-54 -s 8.8.8.0/24 -j ACCEPT
-A nova-compute-inst-54 -s 9.9.9.0/24 -j ACCEPT
-A nova-compute-inst-54 -p tcp -m tcp --dport 22 -j ACCEPT
-A nova-compute-inst-54 -j nova-compute-sg-fallback
-A nova-compute-inst-55 -m state --state INVALID -j DROP
-A nova-compute-inst-55 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A nova-compute-inst-55 -j nova-compute-provider
-A nova-compute-inst-55 -s 9.9.9.1/32 -p udp -m udp --sport 67 --dport 68 -j ACCEPT
-A nova-compute-inst-55 -s 8.8.8.1/32 -p udp -m udp --sport 67 --dport 68 -j ACCEPT
-A nova-compute-inst-55 -s 9.9.9.0/24 -j ACCEPT
-A nova-compute-inst-55 -s 8.8.8.0/24 -j ACCEPT
-A nova-compute-inst-55 -p tcp -m tcp --dport 22 -j ACCEPT
-A nova-compute-inst-55 -j nova-compute-sg-fallback
-A nova-compute-inst-56 -m state --state INVALID -j DROP
-A nova-compute-inst-56 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A nova-compute-inst-56 -j nova-compute-provider
-A nova-compute-inst-56 -s 8.8.8.1/32 -p udp -m udp --sport 67 --dport 68 -j ACCEPT
-A nova-compute-inst-56 -s 192.168.201.1/32 -p udp -m udp --sport 67 --dport 68 -j ACCEPT
-A nova-compute-inst-56 -s 8.8.8.0/24 -j ACCEPT
-A nova-compute-inst-56 -s 192.168.201.0/24 -j ACCEPT
-A nova-compute-inst-56 -p tcp -m tcp --dport 22 -j ACCEPT
-A nova-compute-inst-56 -j nova-compute-sg-fallback
-A nova-compute-inst-57 -m state --state INVALID -j DROP
-A nova-compute-inst-57 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A nova-compute-inst-57 -j nova-compute-provider
-A nova-compute-inst-57 -s 9.9.9.1/32 -p udp -m udp --sport 67 --dport 68 -j ACCEPT
-A nova-compute-inst-57 -s 8.8.8.1/32 -p udp -m udp --sport 67 --dport 68 -j ACCEPT
-A nova-compute-inst-57 -s 9.9.9.0/24 -j ACCEPT
-A nova-compute-inst-57 -s 8.8.8.0/24 -j ACCEPT
-A nova-compute-inst-57 -p tcp -m tcp --dport 22 -j ACCEPT
-A nova-compute-inst-57 -j nova-compute-sg-fallback
-A nova-compute-inst-58 -m state --state INVALID -j DROP
-A nova-compute-inst-58 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A nova-compute-inst-58 -j nova-compute-provider
-A nova-compute-inst-58 -s 9.9.9.1/32 -p udp -m udp --sport 67 --dport 68 -j ACCEPT
-A nova-compute-inst-58 -s 192.168.206.1/32 -p udp -m udp --sport 67 --dport 68 -j ACCEPT
-A nova-compute-inst-58 -s 9.9.9.0/24 -j ACCEPT
-A nova-compute-inst-58 -s 192.168.206.0/24 -j ACCEPT
-A nova-compute-inst-58 -p tcp -m tcp --dport 22 -j ACCEPT
-A nova-compute-inst-58 -j nova-compute-sg-fallback
-A nova-compute-inst-59 -m state --state INVALID -j DROP
-A nova-compute-inst-59 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A nova-compute-inst-59 -j nova-compute-provider
-A nova-compute-inst-59 -s 9.9.9.1/32 -p udp -m udp --sport 67 --dport 68 -j ACCEPT
-A nova-compute-inst-59 -s 192.168.207.1/32 -p udp -m udp --sport 67 --dport 68 -j ACCEPT
-A nova-compute-inst-59 -s 9.9.9.0/24 -j ACCEPT
-A nova-compute-inst-59 -s 192.168.207.0/24 -j ACCEPT
-A nova-compute-inst-59 -p tcp -m tcp --dport 22 -j ACCEPT
-A nova-compute-inst-59 -j nova-compute-sg-fallback
-A nova-compute-local -d 8.8.8.6/32 -j nova-compute-inst-54
-A nova-compute-local -d 9.9.9.3/32 -j nova-compute-inst-54
-A nova-compute-local -d 9.9.9.4/32 -j nova-compute-inst-55
-A nova-compute-local -d 8.8.8.7/32 -j nova-compute-inst-55
-A nova-compute-local -d 8.8.8.8/32 -j nova-compute-inst-56
-A nova-compute-local -d 192.168.201.2/32 -j nova-compute-inst-56
-A nova-compute-local -d 9.9.9.5/32 -j nova-compute-inst-57
-A nova-compute-local -d 8.8.8.9/32 -j nova-compute-inst-57
-A nova-compute-local -d 9.9.9.6/32 -j nova-compute-inst-58
-A nova-compute-local -d 192.168.206.2/32 -j nova-compute-inst-58
-A nova-compute-local -d 9.9.9.7/32 -j nova-compute-inst-59
-A nova-compute-local -d 192.168.207.2/32 -j nova-compute-inst-59
-A nova-compute-sg-fallback -j DROP
-A nova-filter-top -j nova-compute-local
-A nova-filter-top -j nova-network-local
-A nova-filter-top -j nova-manage-local
-A nova-filter-top -j nova-api-local
-A nova-network-FORWARD -i br-int -j ACCEPT
-A nova-network-FORWARD -o br-int -j ACCEPT
-A nova-network-INPUT -i gw-50c4308f-34 -p udp -m udp --dport 67 -j ACCEPT
-A nova-network-INPUT -i gw-50c4308f-34 -p tcp -m tcp --dport 67 -j ACCEPT
-A nova-network-INPUT -i gw-50c4308f-34 -p udp -m udp --dport 53 -j ACCEPT
-A nova-network-INPUT -i gw-50c4308f-34 -p tcp -m tcp --dport 53 -j ACCEPT
-A nova-network-INPUT -i gw-5bfd9bfa-d6 -p udp -m udp --dport 67 -j ACCEPT
-A nova-network-INPUT -i gw-5bfd9bfa-d6 -p tcp -m tcp --dport 67 -j ACCEPT
-A nova-network-INPUT -i gw-5bfd9bfa-d6 -p udp -m udp --dport 53 -j ACCEPT
-A nova-network-INPUT -i gw-5bfd9bfa-d6 -p tcp -m tcp --dport 53 -j ACCEPT
-A nova-network-INPUT -i gw-23abd98f-03 -p udp -m udp --dport 67 -j ACCEPT
-A nova-network-INPUT -i gw-23abd98f-03 -p tcp -m tcp --dport 67 -j ACCEPT
-A nova-network-INPUT -i gw-23abd98f-03 -p udp -m udp --dport 53 -j ACCEPT
-A nova-network-INPUT -i gw-23abd98f-03 -p tcp -m tcp --dport 53 -j ACCEPT
-A nova-network-INPUT -i gw-7c3078e0-e6 -p udp -m udp --dport 67 -j ACCEPT
-A nova-network-INPUT -i gw-7c3078e0-e6 -p tcp -m tcp --dport 67 -j ACCEPT
-A nova-network-INPUT -i gw-7c3078e0-e6 -p udp -m udp --dport 53 -j ACCEPT
-A nova-network-INPUT -i gw-7c3078e0-e6 -p tcp -m tcp --dport 53 -j ACCEPT
-A nova-network-INPUT -i gw-ec8a468b-ea -p udp -m udp --dport 67 -j ACCEPT
-A nova-network-INPUT -i gw-ec8a468b-ea -p tcp -m tcp --dport 67 -j ACCEPT
-A nova-network-INPUT -i gw-ec8a468b-ea -p udp -m udp --dport 53 -j ACCEPT
-A nova-network-INPUT -i gw-ec8a468b-ea -p tcp -m tcp --dport 53 -j ACCEPT
COMMIT
# Completed on Wed May 16 14:51:31 2012

AFTER CREATING NETWORK:
# Generated by iptables-save v1.4.12 on Wed May 16 14:52:01 2012
*mangle
:PREROUTING ACCEPT [252638:222628974]
:INPUT ACCEPT [58858:32725770]
:FORWARD ACCEPT [190065:188684684]
:OUTPUT ACCEPT [54341:31821825]
:POSTROUTING ACCEPT [244411:220508149]
-A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
COMMIT
# Completed on Wed May 16 14:52:01 2012
# Generated by iptables-save v1.4.12 on Wed May 16 14:52:01 2012
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:nova-api-OUTPUT - [0:0]
:nova-api-POSTROUTING - [0:0]
:nova-api-PREROUTING - [0:0]
:nova-api-float-snat - [0:0]
:nova-api-snat - [0:0]
:nova-compute-OUTPUT - [0:0]
:nova-compute-POSTROUTING - [0:0]
:nova-compute-PREROUTING - [0:0]
:nova-compute-float-snat - [0:0]
:nova-compute-snat - [0:0]
:nova-manage-OUTPUT - [0:0]
:nova-manage-POSTROUTING - [0:0]
:nova-manage-PREROUTING - [0:0]
:nova-manage-float-snat - [0:0]
:nova-manage-snat - [0:0]
:nova-network-OUTPUT - [0:0]
:nova-network-POSTROUTING - [0:0]
:nova-network-PREROUTING - [0:0]
:nova-network-float-snat - [0:0]
:nova-network-snat - [0:0]
:nova-postrouting-bottom - [0:0]
-A PREROUTING -j nova-manage-PREROUTING
-A PREROUTING -j nova-compute-PREROUTING
-A PREROUTING -j nova-network-PREROUTING
-A PREROUTING -j nova-api-PREROUTING
-A OUTPUT -j nova-manage-OUTPUT
-A OUTPUT -j nova-compute-OUTPUT
-A OUTPUT -j nova-network-OUTPUT
-A OUTPUT -j nova-api-OUTPUT
-A POSTROUTING -j nova-manage-POSTROUTING
-A POSTROUTING -j nova-compute-POSTROUTING
-A POSTROUTING -j nova-network-POSTROUTING
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
-A POSTROUTING -j nova-api-POSTROUTING
-A POSTROUTING -j nova-postrouting-bottom
-A nova-api-snat -j nova-api-float-snat
-A nova-compute-snat -j nova-compute-float-snat
-A nova-manage-snat -j nova-manage-float-snat
-A nova-manage-snat -s 192.168.208.0/24 -j SNAT --to-source 10.131.0.244
-A nova-network-POSTROUTING -s 192.168.200.0/24 -d 10.131.0.244/32 -j ACCEPT
-A nova-network-POSTROUTING -s 192.168.200.0/24 -d 10.128.0.0/24 -j ACCEPT
-A nova-network-POSTROUTING -s 192.168.200.0/24 -d 192.168.200.0/24 -m conntrack ! --ctstate DNAT -j ACCEPT
-A nova-network-PREROUTING -d 169.254.169.254/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.131.0.244:8775
-A nova-network-snat -j nova-network-float-snat
-A nova-network-snat -s 192.168.200.0/24 -j SNAT --to-source 10.131.0.244
-A nova-network-snat -s 8.8.8.0/24 -j SNAT --to-source 10.131.0.244
-A nova-network-snat -s 7.7.7.0/24 -j SNAT --to-source 10.131.0.244
-A nova-network-snat -s 9.9.9.0/24 -j SNAT --to-source 10.131.0.244
-A nova-network-snat -s 192.168.201.0/24 -j SNAT --to-source 10.131.0.244
-A nova-network-snat -s 192.168.202.0/24 -j SNAT --to-source 10.131.0.244
-A nova-network-snat -s 192.168.203.0/24 -j SNAT --to-source 10.131.0.244
-A nova-network-snat -s 192.168.204.0/24 -j SNAT --to-source 10.131.0.244
-A nova-network-snat -s 192.168.205.0/24 -j SNAT --to-source 10.131.0.244
-A nova-network-snat -s 6.6.6.0/24 -j SNAT --to-source 10.131.0.244
-A nova-network-snat -s 5.5.5.0/24 -j SNAT --to-source 10.131.0.244
-A nova-network-snat -s 18.18.18.0/24 -j SNAT --to-source 10.131.0.244
-A nova-postrouting-bottom -j nova-manage-snat
-A nova-postrouting-bottom -j nova-compute-snat
-A nova-postrouting-bottom -j nova-network-snat
-A nova-postrouting-bottom -j nova-api-snat
COMMIT
# Completed on Wed May 16 14:52:01 2012
# Generated by iptables-save v1.4.12 on Wed May 16 14:52:01 2012
*filter
:INPUT ACCEPT [168:68743]
:FORWARD ACCEPT [1266:71368]
:OUTPUT ACCEPT [158:83083]
:nova-api-FORWARD - [0:0]
:nova-api-INPUT - [0:0]
:nova-api-OUTPUT - [0:0]
:nova-api-local - [0:0]
:nova-compute-FORWARD - [0:0]
:nova-compute-INPUT - [0:0]
:nova-compute-OUTPUT - [0:0]
:nova-compute-inst-54 - [0:0]
:nova-compute-inst-55 - [0:0]
:nova-compute-inst-56 - [0:0]
:nova-compute-inst-57 - [0:0]
:nova-compute-inst-58 - [0:0]
:nova-compute-inst-59 - [0:0]
:nova-compute-local - [0:0]
:nova-compute-provider - [0:0]
:nova-compute-sg-fallback - [0:0]
:nova-filter-top - [0:0]
:nova-manage-FORWARD - [0:0]
:nova-manage-INPUT - [0:0]
:nova-manage-OUTPUT - [0:0]
:nova-manage-local - [0:0]
:nova-network-FORWARD - [0:0]
:nova-network-INPUT - [0:0]
:nova-network-OUTPUT - [0:0]
:nova-network-local - [0:0]
-A INPUT -j nova-manage-INPUT
-A INPUT -j nova-compute-INPUT
-A INPUT -j nova-network-INPUT
-A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
-A INPUT -j nova-api-INPUT
-A INPUT -p gre -j ACCEPT
-A FORWARD -j nova-filter-top
-A FORWARD -j nova-manage-FORWARD
-A FORWARD -j nova-compute-FORWARD
-A FORWARD -j nova-network-FORWARD
-A FORWARD -d 192.168.122.0/24 -o virbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT
-A FORWARD -i virbr0 -o virbr0 -j ACCEPT
-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -j nova-api-FORWARD
-A OUTPUT -j nova-filter-top
-A OUTPUT -j nova-manage-OUTPUT
-A OUTPUT -j nova-compute-OUTPUT
-A OUTPUT -j nova-network-OUTPUT
-A OUTPUT -j nova-api-OUTPUT
-A nova-api-INPUT -d 10.131.0.244/32 -p tcp -m tcp --dport 8775 -j ACCEPT
-A nova-compute-inst-54 -m state --state INVALID -j DROP
-A nova-compute-inst-54 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A nova-compute-inst-54 -j nova-compute-provider
-A nova-compute-inst-54 -s 8.8.8.1/32 -p udp -m udp --sport 67 --dport 68 -j ACCEPT
-A nova-compute-inst-54 -s 9.9.9.1/32 -p udp -m udp --sport 67 --dport 68 -j ACCEPT
-A nova-compute-inst-54 -s 8.8.8.0/24 -j ACCEPT
-A nova-compute-inst-54 -s 9.9.9.0/24 -j ACCEPT
-A nova-compute-inst-54 -p tcp -m tcp --dport 22 -j ACCEPT
-A nova-compute-inst-54 -j nova-compute-sg-fallback
-A nova-compute-inst-55 -m state --state INVALID -j DROP
-A nova-compute-inst-55 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A nova-compute-inst-55 -j nova-compute-provider
-A nova-compute-inst-55 -s 9.9.9.1/32 -p udp -m udp --sport 67 --dport 68 -j ACCEPT
-A nova-compute-inst-55 -s 8.8.8.1/32 -p udp -m udp --sport 67 --dport 68 -j ACCEPT
-A nova-compute-inst-55 -s 9.9.9.0/24 -j ACCEPT
-A nova-compute-inst-55 -s 8.8.8.0/24 -j ACCEPT
-A nova-compute-inst-55 -p tcp -m tcp --dport 22 -j ACCEPT
-A nova-compute-inst-55 -j nova-compute-sg-fallback
-A nova-compute-inst-56 -m state --state INVALID -j DROP
-A nova-compute-inst-56 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A nova-compute-inst-56 -j nova-compute-provider
-A nova-compute-inst-56 -s 8.8.8.1/32 -p udp -m udp --sport 67 --dport 68 -j ACCEPT
-A nova-compute-inst-56 -s 192.168.201.1/32 -p udp -m udp --sport 67 --dport 68 -j ACCEPT
-A nova-compute-inst-56 -s 8.8.8.0/24 -j ACCEPT
-A nova-compute-inst-56 -s 192.168.201.0/24 -j ACCEPT
-A nova-compute-inst-56 -p tcp -m tcp --dport 22 -j ACCEPT
-A nova-compute-inst-56 -j nova-compute-sg-fallback
-A nova-compute-inst-57 -m state --state INVALID -j DROP
-A nova-compute-inst-57 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A nova-compute-inst-57 -j nova-compute-provider
-A nova-compute-inst-57 -s 9.9.9.1/32 -p udp -m udp --sport 67 --dport 68 -j ACCEPT
-A nova-compute-inst-57 -s 8.8.8.1/32 -p udp -m udp --sport 67 --dport 68 -j ACCEPT
-A nova-compute-inst-57 -s 9.9.9.0/24 -j ACCEPT
-A nova-compute-inst-57 -s 8.8.8.0/24 -j ACCEPT
-A nova-compute-inst-57 -p tcp -m tcp --dport 22 -j ACCEPT
-A nova-compute-inst-57 -j nova-compute-sg-fallback
-A nova-compute-inst-58 -m state --state INVALID -j DROP
-A nova-compute-inst-58 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A nova-compute-inst-58 -j nova-compute-provider
-A nova-compute-inst-58 -s 9.9.9.1/32 -p udp -m udp --sport 67 --dport 68 -j ACCEPT
-A nova-compute-inst-58 -s 192.168.206.1/32 -p udp -m udp --sport 67 --dport 68 -j ACCEPT
-A nova-compute-inst-58 -s 9.9.9.0/24 -j ACCEPT
-A nova-compute-inst-58 -s 192.168.206.0/24 -j ACCEPT
-A nova-compute-inst-58 -p tcp -m tcp --dport 22 -j ACCEPT
-A nova-compute-inst-58 -j nova-compute-sg-fallback
-A nova-compute-inst-59 -m state --state INVALID -j DROP
-A nova-compute-inst-59 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A nova-compute-inst-59 -j nova-compute-provider
-A nova-compute-inst-59 -s 9.9.9.1/32 -p udp -m udp --sport 67 --dport 68 -j ACCEPT
-A nova-compute-inst-59 -s 192.168.207.1/32 -p udp -m udp --sport 67 --dport 68 -j ACCEPT
-A nova-compute-inst-59 -s 9.9.9.0/24 -j ACCEPT
-A nova-compute-inst-59 -s 192.168.207.0/24 -j ACCEPT
-A nova-compute-inst-59 -p tcp -m tcp --dport 22 -j ACCEPT
-A nova-compute-inst-59 -j nova-compute-sg-fallback
-A nova-compute-local -d 8.8.8.6/32 -j nova-compute-inst-54
-A nova-compute-local -d 9.9.9.3/32 -j nova-compute-inst-54
-A nova-compute-local -d 9.9.9.4/32 -j nova-compute-inst-55
-A nova-compute-local -d 8.8.8.7/32 -j nova-compute-inst-55
-A nova-compute-local -d 8.8.8.8/32 -j nova-compute-inst-56
-A nova-compute-local -d 192.168.201.2/32 -j nova-compute-inst-56
-A nova-compute-local -d 9.9.9.5/32 -j nova-compute-inst-57
-A nova-compute-local -d 8.8.8.9/32 -j nova-compute-inst-57
-A nova-compute-local -d 9.9.9.6/32 -j nova-compute-inst-58
-A nova-compute-local -d 192.168.206.2/32 -j nova-compute-inst-58
-A nova-compute-local -d 9.9.9.7/32 -j nova-compute-inst-59
-A nova-compute-local -d 192.168.207.2/32 -j nova-compute-inst-59
-A nova-compute-sg-fallback -j DROP
-A nova-filter-top -j nova-manage-local
-A nova-filter-top -j nova-compute-local
-A nova-filter-top -j nova-network-local
-A nova-filter-top -j nova-api-local
-A nova-network-FORWARD -i br-int -j ACCEPT
-A nova-network-FORWARD -o br-int -j ACCEPT
-A nova-network-INPUT -i gw-50c4308f-34 -p udp -m udp --dport 67 -j ACCEPT
-A nova-network-INPUT -i gw-50c4308f-34 -p tcp -m tcp --dport 67 -j ACCEPT
-A nova-network-INPUT -i gw-50c4308f-34 -p udp -m udp --dport 53 -j ACCEPT
-A nova-network-INPUT -i gw-50c4308f-34 -p tcp -m tcp --dport 53 -j ACCEPT
-A nova-network-INPUT -i gw-5bfd9bfa-d6 -p udp -m udp --dport 67 -j ACCEPT
-A nova-network-INPUT -i gw-5bfd9bfa-d6 -p tcp -m tcp --dport 67 -j ACCEPT
-A nova-network-INPUT -i gw-5bfd9bfa-d6 -p udp -m udp --dport 53 -j ACCEPT
-A nova-network-INPUT -i gw-5bfd9bfa-d6 -p tcp -m tcp --dport 53 -j ACCEPT
-A nova-network-INPUT -i gw-23abd98f-03 -p udp -m udp --dport 67 -j ACCEPT
-A nova-network-INPUT -i gw-23abd98f-03 -p tcp -m tcp --dport 67 -j ACCEPT
-A nova-network-INPUT -i gw-23abd98f-03 -p udp -m udp --dport 53 -j ACCEPT
-A nova-network-INPUT -i gw-23abd98f-03 -p tcp -m tcp --dport 53 -j ACCEPT
-A nova-network-INPUT -i gw-7c3078e0-e6 -p udp -m udp --dport 67 -j ACCEPT
-A nova-network-INPUT -i gw-7c3078e0-e6 -p tcp -m tcp --dport 67 -j ACCEPT
-A nova-network-INPUT -i gw-7c3078e0-e6 -p udp -m udp --dport 53 -j ACCEPT
-A nova-network-INPUT -i gw-7c3078e0-e6 -p tcp -m tcp --dport 53 -j ACCEPT
-A nova-network-INPUT -i gw-ec8a468b-ea -p udp -m udp --dport 67 -j ACCEPT
-A nova-network-INPUT -i gw-ec8a468b-ea -p tcp -m tcp --dport 67 -j ACCEPT
-A nova-network-INPUT -i gw-ec8a468b-ea -p udp -m udp --dport 53 -j ACCEPT
-A nova-network-INPUT -i gw-ec8a468b-ea -p tcp -m tcp --dport 53 -j ACCEPT
COMMIT
# Completed on Wed May 16 14:52:01 2012

AFTER CREATING VM:
# Generated by iptables-save v1.4.12 on Wed May 16 14:54:57 2012
*mangle
:PREROUTING ACCEPT [263188:230724325]
:INPUT ACCEPT [64717:36049324]
:FORWARD ACCEPT [194581:193399081]
:OUTPUT ACCEPT [59942:35114595]
:POSTROUTING ACCEPT [254528:228515316]
-A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
COMMIT
# Completed on Wed May 16 14:54:57 2012
# Generated by iptables-save v1.4.12 on Wed May 16 14:54:57 2012
*nat
:PREROUTING ACCEPT [41:4806]
:INPUT ACCEPT [59:5066]
:OUTPUT ACCEPT [34:2572]
:POSTROUTING ACCEPT [33:2241]
:nova-api-OUTPUT - [0:0]
:nova-api-POSTROUTING - [0:0]
:nova-api-PREROUTING - [0:0]
:nova-api-float-snat - [0:0]
:nova-api-snat - [0:0]
:nova-compute-OUTPUT - [0:0]
:nova-compute-POSTROUTING - [0:0]
:nova-compute-PREROUTING - [0:0]
:nova-compute-float-snat - [0:0]
:nova-compute-snat - [0:0]
:nova-manage-OUTPUT - [0:0]
:nova-manage-POSTROUTING - [0:0]
:nova-manage-PREROUTING - [0:0]
:nova-manage-float-snat - [0:0]
:nova-manage-snat - [0:0]
:nova-network-OUTPUT - [0:0]
:nova-network-POSTROUTING - [0:0]
:nova-network-PREROUTING - [0:0]
:nova-network-float-snat - [0:0]
:nova-network-snat - [0:0]
:nova-postrouting-bottom - [0:0]
-A PREROUTING -j nova-compute-PREROUTING
-A PREROUTING -j nova-network-PREROUTING
-A PREROUTING -j nova-manage-PREROUTING
-A PREROUTING -j nova-api-PREROUTING
-A OUTPUT -j nova-compute-OUTPUT
-A OUTPUT -j nova-network-OUTPUT
-A OUTPUT -j nova-manage-OUTPUT
-A OUTPUT -j nova-api-OUTPUT
-A POSTROUTING -j nova-compute-POSTROUTING
-A POSTROUTING -j nova-network-POSTROUTING
-A POSTROUTING -j nova-manage-POSTROUTING
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
-A POSTROUTING -j nova-api-POSTROUTING
-A POSTROUTING -j nova-postrouting-bottom
-A nova-api-snat -j nova-api-float-snat
-A nova-compute-snat -j nova-compute-float-snat
-A nova-manage-snat -j nova-manage-float-snat
-A nova-manage-snat -s 192.168.208.0/24 -j SNAT --to-source 10.131.0.244
-A nova-network-POSTROUTING -s 192.168.200.0/24 -d 10.131.0.244/32 -j ACCEPT
-A nova-network-POSTROUTING -s 192.168.200.0/24 -d 10.128.0.0/24 -j ACCEPT
-A nova-network-POSTROUTING -s 192.168.200.0/24 -d 192.168.200.0/24 -m conntrack ! --ctstate DNAT -j ACCEPT
-A nova-network-PREROUTING -d 169.254.169.254/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.131.0.244:8775
-A nova-network-snat -j nova-network-float-snat
-A nova-network-snat -s 192.168.200.0/24 -j SNAT --to-source 10.131.0.244
-A nova-network-snat -s 8.8.8.0/24 -j SNAT --to-source 10.131.0.244
-A nova-network-snat -s 7.7.7.0/24 -j SNAT --to-source 10.131.0.244
-A nova-network-snat -s 9.9.9.0/24 -j SNAT --to-source 10.131.0.244
-A nova-network-snat -s 192.168.201.0/24 -j SNAT --to-source 10.131.0.244
-A nova-network-snat -s 192.168.202.0/24 -j SNAT --to-source 10.131.0.244
-A nova-network-snat -s 192.168.203.0/24 -j SNAT --to-source 10.131.0.244
-A nova-network-snat -s 192.168.204.0/24 -j SNAT --to-source 10.131.0.244
-A nova-network-snat -s 192.168.205.0/24 -j SNAT --to-source 10.131.0.244
-A nova-network-snat -s 6.6.6.0/24 -j SNAT --to-source 10.131.0.244
-A nova-network-snat -s 5.5.5.0/24 -j SNAT --to-source 10.131.0.244
-A nova-network-snat -s 18.18.18.0/24 -j SNAT --to-source 10.131.0.244
-A nova-postrouting-bottom -j nova-compute-snat
-A nova-postrouting-bottom -j nova-network-snat
-A nova-postrouting-bottom -j nova-manage-snat
-A nova-postrouting-bottom -j nova-api-snat
COMMIT
# Completed on Wed May 16 14:54:57 2012
# Generated by iptables-save v1.4.12 on Wed May 16 14:54:57 2012
*filter
:INPUT ACCEPT [951:539981]
:FORWARD ACCEPT [10:807]
:OUTPUT ACCEPT [898:541768]
:nova-api-FORWARD - [0:0]
:nova-api-INPUT - [0:0]
:nova-api-OUTPUT - [0:0]
:nova-api-local - [0:0]
:nova-compute-FORWARD - [0:0]
:nova-compute-INPUT - [0:0]
:nova-compute-OUTPUT - [0:0]
:nova-compute-inst-54 - [0:0]
:nova-compute-inst-55 - [0:0]
:nova-compute-inst-56 - [0:0]
:nova-compute-inst-57 - [0:0]
:nova-compute-inst-58 - [0:0]
:nova-compute-inst-59 - [0:0]
:nova-compute-inst-60 - [0:0]
:nova-compute-local - [0:0]
:nova-compute-provider - [0:0]
:nova-compute-sg-fallback - [0:0]
:nova-filter-top - [0:0]
:nova-manage-FORWARD - [0:0]
:nova-manage-INPUT - [0:0]
:nova-manage-OUTPUT - [0:0]
:nova-manage-local - [0:0]
:nova-network-FORWARD - [0:0]
:nova-network-INPUT - [0:0]
:nova-network-OUTPUT - [0:0]
:nova-network-local - [0:0]
-A INPUT -j nova-compute-INPUT
-A INPUT -j nova-network-INPUT
-A INPUT -j nova-manage-INPUT
-A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
-A INPUT -j nova-api-INPUT
-A INPUT -p gre -j ACCEPT
-A FORWARD -j nova-filter-top
-A FORWARD -j nova-compute-FORWARD
-A FORWARD -j nova-network-FORWARD
-A FORWARD -j nova-manage-FORWARD
-A FORWARD -d 192.168.122.0/24 -o virbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT
-A FORWARD -i virbr0 -o virbr0 -j ACCEPT
-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -j nova-api-FORWARD
-A OUTPUT -j nova-filter-top
-A OUTPUT -j nova-compute-OUTPUT
-A OUTPUT -j nova-network-OUTPUT
-A OUTPUT -j nova-manage-OUTPUT
-A OUTPUT -j nova-api-OUTPUT
-A nova-api-INPUT -d 10.131.0.244/32 -p tcp -m tcp --dport 8775 -j ACCEPT
-A nova-compute-inst-54 -m state --state INVALID -j DROP
-A nova-compute-inst-54 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A nova-compute-inst-54 -j nova-compute-provider
-A nova-compute-inst-54 -s 8.8.8.1/32 -p udp -m udp --sport 67 --dport 68 -j ACCEPT
-A nova-compute-inst-54 -s 9.9.9.1/32 -p udp -m udp --sport 67 --dport 68 -j ACCEPT
-A nova-compute-inst-54 -s 8.8.8.0/24 -j ACCEPT
-A nova-compute-inst-54 -s 9.9.9.0/24 -j ACCEPT
-A nova-compute-inst-54 -p tcp -m tcp --dport 22 -j ACCEPT
-A nova-compute-inst-54 -j nova-compute-sg-fallback
-A nova-compute-inst-55 -m state --state INVALID -j DROP
-A nova-compute-inst-55 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A nova-compute-inst-55 -j nova-compute-provider
-A nova-compute-inst-55 -s 9.9.9.1/32 -p udp -m udp --sport 67 --dport 68 -j ACCEPT
-A nova-compute-inst-55 -s 8.8.8.1/32 -p udp -m udp --sport 67 --dport 68 -j ACCEPT
-A nova-compute-inst-55 -s 9.9.9.0/24 -j ACCEPT
-A nova-compute-inst-55 -s 8.8.8.0/24 -j ACCEPT
-A nova-compute-inst-55 -p tcp -m tcp --dport 22 -j ACCEPT
-A nova-compute-inst-55 -j nova-compute-sg-fallback
-A nova-compute-inst-56 -m state --state INVALID -j DROP
-A nova-compute-inst-56 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A nova-compute-inst-56 -j nova-compute-provider
-A nova-compute-inst-56 -s 8.8.8.1/32 -p udp -m udp --sport 67 --dport 68 -j ACCEPT
-A nova-compute-inst-56 -s 192.168.201.1/32 -p udp -m udp --sport 67 --dport 68 -j ACCEPT
-A nova-compute-inst-56 -s 8.8.8.0/24 -j ACCEPT
-A nova-compute-inst-56 -s 192.168.201.0/24 -j ACCEPT
-A nova-compute-inst-56 -p tcp -m tcp --dport 22 -j ACCEPT
-A nova-compute-inst-56 -j nova-compute-sg-fallback
-A nova-compute-inst-57 -m state --state INVALID -j DROP
-A nova-compute-inst-57 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A nova-compute-inst-57 -j nova-compute-provider
-A nova-compute-inst-57 -s 9.9.9.1/32 -p udp -m udp --sport 67 --dport 68 -j ACCEPT
-A nova-compute-inst-57 -s 8.8.8.1/32 -p udp -m udp --sport 67 --dport 68 -j ACCEPT
-A nova-compute-inst-57 -s 9.9.9.0/24 -j ACCEPT
-A nova-compute-inst-57 -s 8.8.8.0/24 -j ACCEPT
-A nova-compute-inst-57 -p tcp -m tcp --dport 22 -j ACCEPT
-A nova-compute-inst-57 -j nova-compute-sg-fallback
-A nova-compute-inst-58 -m state --state INVALID -j DROP
-A nova-compute-inst-58 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A nova-compute-inst-58 -j nova-compute-provider
-A nova-compute-inst-58 -s 9.9.9.1/32 -p udp -m udp --sport 67 --dport 68 -j ACCEPT
-A nova-compute-inst-58 -s 192.168.206.1/32 -p udp -m udp --sport 67 --dport 68 -j ACCEPT
-A nova-compute-inst-58 -s 9.9.9.0/24 -j ACCEPT
-A nova-compute-inst-58 -s 192.168.206.0/24 -j ACCEPT
-A nova-compute-inst-58 -p tcp -m tcp --dport 22 -j ACCEPT
-A nova-compute-inst-58 -j nova-compute-sg-fallback
-A nova-compute-inst-59 -m state --state INVALID -j DROP
-A nova-compute-inst-59 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A nova-compute-inst-59 -j nova-compute-provider
-A nova-compute-inst-59 -s 9.9.9.1/32 -p udp -m udp --sport 67 --dport 68 -j ACCEPT
-A nova-compute-inst-59 -s 192.168.207.1/32 -p udp -m udp --sport 67 --dport 68 -j ACCEPT
-A nova-compute-inst-59 -s 9.9.9.0/24 -j ACCEPT
-A nova-compute-inst-59 -s 192.168.207.0/24 -j ACCEPT
-A nova-compute-inst-59 -p tcp -m tcp --dport 22 -j ACCEPT
-A nova-compute-inst-59 -j nova-compute-sg-fallback
-A nova-compute-inst-60 -m state --state INVALID -j DROP
-A nova-compute-inst-60 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A nova-compute-inst-60 -j nova-compute-provider
-A nova-compute-inst-60 -s 8.8.8.1/32 -p udp -m udp --sport 67 --dport 68 -j ACCEPT
-A nova-compute-inst-60 -s 192.168.208.1/32 -p udp -m udp --sport 67 --dport 68 -j ACCEPT
-A nova-compute-inst-60 -s 8.8.8.0/24 -j ACCEPT
-A nova-compute-inst-60 -s 192.168.208.0/24 -j ACCEPT
-A nova-compute-inst-60 -p tcp -m tcp --dport 22 -j ACCEPT
-A nova-compute-inst-60 -j nova-compute-sg-fallback
-A nova-compute-local -d 8.8.8.6/32 -j nova-compute-inst-54
-A nova-compute-local -d 9.9.9.3/32 -j nova-compute-inst-54
-A nova-compute-local -d 9.9.9.4/32 -j nova-compute-inst-55
-A nova-compute-local -d 8.8.8.7/32 -j nova-compute-inst-55
-A nova-compute-local -d 8.8.8.8/32 -j nova-compute-inst-56
-A nova-compute-local -d 192.168.201.2/32 -j nova-compute-inst-56
-A nova-compute-local -d 9.9.9.5/32 -j nova-compute-inst-57
-A nova-compute-local -d 8.8.8.9/32 -j nova-compute-inst-57
-A nova-compute-local -d 9.9.9.6/32 -j nova-compute-inst-58
-A nova-compute-local -d 192.168.206.2/32 -j nova-compute-inst-58
-A nova-compute-local -d 9.9.9.7/32 -j nova-compute-inst-59
-A nova-compute-local -d 192.168.207.2/32 -j nova-compute-inst-59
-A nova-compute-local -d 8.8.8.10/32 -j nova-compute-inst-60
-A nova-compute-local -d 192.168.208.2/32 -j nova-compute-inst-60
-A nova-compute-sg-fallback -j DROP
-A nova-filter-top -j nova-compute-local
-A nova-filter-top -j nova-network-local
-A nova-filter-top -j nova-manage-local
-A nova-filter-top -j nova-api-local
-A nova-network-FORWARD -i br-int -j ACCEPT
-A nova-network-FORWARD -o br-int -j ACCEPT
-A nova-network-INPUT -i gw-50c4308f-34 -p udp -m udp --dport 67 -j ACCEPT
-A nova-network-INPUT -i gw-50c4308f-34 -p tcp -m tcp --dport 67 -j ACCEPT
-A nova-network-INPUT -i gw-50c4308f-34 -p udp -m udp --dport 53 -j ACCEPT
-A nova-network-INPUT -i gw-50c4308f-34 -p tcp -m tcp --dport 53 -j ACCEPT
-A nova-network-INPUT -i gw-5bfd9bfa-d6 -p udp -m udp --dport 67 -j ACCEPT
-A nova-network-INPUT -i gw-5bfd9bfa-d6 -p tcp -m tcp --dport 67 -j ACCEPT
-A nova-network-INPUT -i gw-5bfd9bfa-d6 -p udp -m udp --dport 53 -j ACCEPT
-A nova-network-INPUT -i gw-5bfd9bfa-d6 -p tcp -m tcp --dport 53 -j ACCEPT
-A nova-network-INPUT -i gw-23abd98f-03 -p udp -m udp --dport 67 -j ACCEPT
-A nova-network-INPUT -i gw-23abd98f-03 -p tcp -m tcp --dport 67 -j ACCEPT
-A nova-network-INPUT -i gw-23abd98f-03 -p udp -m udp --dport 53 -j ACCEPT
-A nova-network-INPUT -i gw-23abd98f-03 -p tcp -m tcp --dport 53 -j ACCEPT
-A nova-network-INPUT -i gw-7c3078e0-e6 -p udp -m udp --dport 67 -j ACCEPT
-A nova-network-INPUT -i gw-7c3078e0-e6 -p tcp -m tcp --dport 67 -j ACCEPT
-A nova-network-INPUT -i gw-7c3078e0-e6 -p udp -m udp --dport 53 -j ACCEPT
-A nova-network-INPUT -i gw-7c3078e0-e6 -p tcp -m tcp --dport 53 -j ACCEPT
-A nova-network-INPUT -i gw-ec8a468b-ea -p udp -m udp --dport 67 -j ACCEPT
-A nova-network-INPUT -i gw-ec8a468b-ea -p tcp -m tcp --dport 67 -j ACCEPT
-A nova-network-INPUT -i gw-ec8a468b-ea -p udp -m udp --dport 53 -j ACCEPT
-A nova-network-INPUT -i gw-ec8a468b-ea -p tcp -m tcp --dport 53 -j ACCEPT
-A nova-network-INPUT -i gw-3d604d8e-b8 -p udp -m udp --dport 67 -j ACCEPT
-A nova-network-INPUT -i gw-3d604d8e-b8 -p tcp -m tcp --dport 67 -j ACCEPT
-A nova-network-INPUT -i gw-3d604d8e-b8 -p udp -m udp --dport 53 -j ACCEPT
-A nova-network-INPUT -i gw-3d604d8e-b8 -p tcp -m tcp --dport 53 -j ACCEPT
COMMIT
# Completed on Wed May 16 14:54:57 2012
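
An added example, not part of the original thread: the iptables-save snapshots posted above differ in only a handful of rules, which is hard to spot by eye. This Python example parses two snapshots and reports per-chain additions, removals and reorderings; the embedded samples are trimmed excerpts of the thread's own output, and the function names are this example's own.

```python
import re
from collections import Counter

# Trimmed excerpts of two snapshots from the thread ("AFTER CREATING NETWORK"
# and "AFTER CREATING VM"); most chains and rules are omitted for brevity.
BEFORE = """\
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -j nova-manage-PREROUTING
-A PREROUTING -j nova-compute-PREROUTING
COMMIT
*filter
:nova-compute-local - [0:0]
:nova-compute-sg-fallback - [0:0]
-A nova-compute-local -d 192.168.207.2/32 -j nova-compute-inst-59
-A nova-compute-sg-fallback -j DROP
COMMIT
"""
AFTER = """\
*nat
:PREROUTING ACCEPT [41:4806]
-A PREROUTING -j nova-compute-PREROUTING
-A PREROUTING -j nova-manage-PREROUTING
COMMIT
*filter
:nova-compute-inst-60 - [0:0]
:nova-compute-local - [0:0]
:nova-compute-sg-fallback - [0:0]
-A nova-compute-inst-60 -s 8.8.8.0/24 -j ACCEPT
-A nova-compute-inst-60 -s 192.168.208.0/24 -j ACCEPT
-A nova-compute-inst-60 -p tcp -m tcp --dport 22 -j ACCEPT
-A nova-compute-inst-60 -j nova-compute-sg-fallback
-A nova-compute-local -d 192.168.207.2/32 -j nova-compute-inst-59
-A nova-compute-local -d 8.8.8.10/32 -j nova-compute-inst-60
-A nova-compute-local -d 192.168.208.2/32 -j nova-compute-inst-60
-A nova-compute-sg-fallback -j DROP
COMMIT
"""

COUNTER_PREFIX = re.compile(r"^\[\d+:\d+\]\s+")  # present with `iptables-save -c`


def parse_iptables_save(text):
    """Return {table: {chain: [rule, ...]}}; counters and comments are dropped."""
    tables, current = {}, None
    for raw in text.splitlines():
        line = COUNTER_PREFIX.sub("", raw.strip())
        if not line or line.startswith("#") or line == "COMMIT":
            continue
        if line.startswith("*"):
            current = tables.setdefault(line[1:], {})
        elif current is None:
            raise ValueError("rule or chain outside a table: %r" % raw)
        elif line.startswith(":"):
            current.setdefault(line[1:].split()[0], [])
        elif line.startswith("-A "):
            parts = line.split(None, 2)
            current.setdefault(parts[1], []).append(parts[2] if len(parts) > 2 else "")
        else:
            raise ValueError("unrecognised line: %r" % raw)
    return tables


def diff_rulesets(before, after):
    """List (table, chain, kind, rule) changes; kind is added/removed/reordered."""
    changes = []
    for table in sorted(set(before) | set(after)):
        old, new = before.get(table, {}), after.get(table, {})
        for chain in sorted(set(old) | set(new)):
            b, a = old.get(chain, []), new.get(chain, [])
            for rule in (Counter(a) - Counter(b)).elements():
                changes.append((table, chain, "added", rule))
            for rule in (Counter(b) - Counter(a)).elements():
                changes.append((table, chain, "removed", rule))
            # Same rules in a different order still change first-match behaviour.
            if a != b and Counter(a) == Counter(b):
                changes.append((table, chain, "reordered", " | ".join(a)))
    return changes


if __name__ == "__main__":
    snapshots = parse_iptables_save(BEFORE), parse_iptables_save(AFTER)
    for change in diff_rulesets(*snapshots):
        print("%-6s %-24s %-9s %s" % change)
```

On these excerpts the diff shows the new per-instance chain and its two `nova-compute-local` dispatch rules, plus the reordered `PREROUTING` jumps.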

Havent (guestly) said :
#10

To Somik Behera (somikbehera),
Since you have created both of these networks as "shared"/public networks, any VM on any network can ping the gateways, which is what you are seeing.

How do you see that both of these networks are public networks?

I use nova DHCP to create IP address.

Havent (guestly) said :
#11

To Dan,
    Yes, I log in to this VM and run ifconfig on it; it has two vNICs, eth0 and eth1, and both of them have the correct IP address.

Somik Behera (somikbehera) said :
#12

When you list the output of nova-manage network list, there appears to be 'None' in the project field; therefore the networks defaulted to being shared/public networks.

To create private networks, check out the Quantum admin guide - http://docs.openstack.org/trunk/openstack-network/admin/content/index.html

Similarly, for DHCP to work, you need to use the flag quantum_use_dhcp=True in your nova.conf on the nova-network node. The admin guide linked above should have those instructions as well.

Thanks,
Somik

Havent (guestly) said :
#13

To Somik Behera, Thanks for your reply.
To Dan, still waiting for your reply.~

Somik Behera (somikbehera) said :
#14

Hi Havent,

In my experience, I haven't seen your issue in a production-style deployment without devstack. In those scenarios, nova-network runs on a dedicated server, and nova-compute runs on separate servers. If you can, try to create a production set-up as your testing production topology, and see if that solves the issue you have encountered.

Thanks,
Somik

Havent (guestly) said :
#15

Thanks Somik Behera, that solved my question.