Urgent : VMs can't access the external network
My install is as follow :
- two physical nodes, each with two NICs (one for management network, and the other for Data network (VMs) )
- OpenStack Folsom
- OS : CentOS 6.4
- L2 plugin : Linuxbridge
- namespaces=False
- dhcp-agent is running on the controller node (all openstack services : nova, glance, cinder, quantum-server, ...)
- l3-agent is runnig on the compute node
- Floating IPs rang : 192.168.224.224 --> 192.168.224.2 ; cidr=192.
- Fixed IPs rang : 172.16.1.0/24
Output of my nat table :
-------
[root@L3Agent ~]# iptables -t nat -nvL --line-numbers
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 0 0 quantum-
2 0 0 nova-compute-
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 9 556 quantum-
2 0 0 nova-compute-
3 0 0 nova-postroutin
4 0 0 quantum-
Chain OUTPUT (policy ACCEPT 9 packets, 556 bytes)
num pkts bytes target prot opt in out source destination
1 9 556 quantum-
2 9 556 nova-compute-OUTPUT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain nova-compute-OUTPUT (1 references)
num pkts bytes target prot opt in out source destination
Chain nova-compute-
num pkts bytes target prot opt in out source destination
Chain nova-compute-
num pkts bytes target prot opt in out source destination
Chain nova-compute-
num pkts bytes target prot opt in out source destination
Chain nova-compute-snat (1 references)
num pkts bytes target prot opt in out source destination
1 0 0 nova-compute-
Chain nova-postroutin
num pkts bytes target prot opt in out source destination
1 0 0 nova-compute-snat all -- * * 0.0.0.0/0 0.0.0.0/0
Chain quantum-
num pkts bytes target prot opt in out source destination
Chain quantum-
num pkts bytes target prot opt in out source destination
1 9 556 ACCEPT all -- !qg-3d0ac89c-d8 !qg-3d0ac89c-d8 0.0.0.0/0 0.0.0.0/0 ! ctstate DNAT
Chain quantum-
num pkts bytes target prot opt in out source destination
Chain quantum-
num pkts bytes target prot opt in out source destination
Chain quantum-
num pkts bytes target prot opt in out source destination
1 0 0 quantum-
2 0 0 SNAT all -- * * 172.16.1.0/24 0.0.0.0/0 to:192.168.224.224
Chain quantum-
num pkts bytes target prot opt in out source destination
1 0 0 quantum-
-------
when I perform a ping from a VMs, no replay is received, because the outgoing packet is not SNATed (I used tcpdump on the destination machine)
any idea what's wrong?
if you need any additional information, you can ask.
thanks in advance
Question information
- Language:
- English Edit question
- Status:
- Solved
- For:
- neutron Edit question
- Assignee:
- No assignee Edit question
- Solved by:
- Anas ASO
- Solved:
- Last query:
- Last reply: