VM instance cannot access outside network

Asked by Hao Li

I set up Openstack Essex on two machines. Those two machines only have one public NIC. I use FlatDHCPManager and place the bridge on the public interface. I can create the VM, log in through ssh. The VM only has private IP. The problem is I cannot access outside network when I log in to the VM, although I can ping/ssh among VM and between VM and management node. I cannot ping from VM to compute node.

I checked nova-compute.log, nova-network.log, nova-dhcpbridge.log and didn't find any errors.

Any help would be greatly appreciated.

Question information

Language: English
Status: Answered
For: OpenStack Compute (nova)
koolhead17 (koolhead17) said :
#1

You need to assign a public/floating IP to the VM in order to access it from an outside network.
The openstack guides are sufficient to help you on that.

nova-manage floating create <command> will help you.

cheers!!

Hao Li (an-ronaldor) said :
#2

Perhaps I didn't make myself clear. My question is when I **log in** to the VM, I can't access the network **from the VM**, e.g. ping www.google.com, wget URL, etc. I wonder if there is a routing problem there but not sure where to start to check.

Elvinas Piliponis (elvinas-piliponis) said :
#3

Well, start with a traditional connectivity check:

1. ipconfig / ifconfig -- if the IP configuration is correct and your OpenStack DHCP provides a proper IP.
2. route -- if the route information is correct
3. ping to your IP
4. ping to gateway
5. ping to some external IP
6. DNS resolution works?

If there is some other DHCP server and the virtual instance somehow gets its IP configuration from an outside DHCP server, OpenStack will deny all network traffic via libvirt connection filtering. Such filters are defined in the virtual instance XML.

To check if this is the case, check which DHCP server provided the network config, or comment out similar lines in the instance XML (or create a custom template and specify it in nova.conf)

-------------snip from customized template file --------------------
<!-- <filterref filter="nova-instance-${name}-${nic.id}">
                <parameter name="IP" value="${nic.ip_address}" />
                <parameter name="DHCPSERVER" value="${nic.dhcp_server}" />
#if $getVar('nic.extra_params', False)
                ${nic.extra_params}
#end if
#if $getVar('nic.gateway_v6', False)
                <parameter name="RASERVER" value="${nic.gateway_v6}" />
#end if
            </filterref> -->
--------------- end snip ----------------

Hao Li (an-ronaldor) said :
#4

1) ifconfig shows the IP correctly
2) The VM's own IP and the gateway IP can be pinged, other VMs' IPs can also be pinged
3) The management node's IP can be pinged, but the compute node's IP cannot be pinged
4) DNS for the VM works fine, since it returns the IP address when I ping some URL, but there is no response.

But I still cannot ping external ip/URL. I am driven crazy by this problem these days. dnsmasq is listening on 192.168.22.33 as it should be.

Below is my network configuration in nova.conf
--network_manager=nova.network.manager.FlatDHCPManager
--public_interface=eth0
--flat_interface=eth0
--flat_network_bridge=br100
--fixed_range=192.168.22.32/27
--floating_range=10.42.0.32/27
--network_size=32
--flat_network_dhcp_start=192.168.22.33
--flat_injected=False
--force_dhcp_releas=True
--connection_type=libvirt

Below is the route table in VM
Destination Gateway Genmask Flags Iface
default 192.168.22.33 0.0.0.0 UG eth0
192.168.22.32 * 255.255.255.224 U etho

Below is the route table in host
Destination Gateway Genmask Flags Iface
default some_url 0.0.0.0 0 br100
localnet * 255.255.255.128 0 br100
192.168.22.32 * 255.255.255.224 0 br100

Elmer Rivera (erivera) said :
#5

How about enabling ip_forwarding on the compute node?

mingj (skyairmj) said :
#6

Hi, @HaoLi

Did you solve the issue? If so, how did you make that?

Could you share your solution here?

Gui Maluf Balzana (guimalufb) said :
#7

I fixed it with ip_forwarding.

edit sysctl.conf
# vim /etc/sysctl.conf

uncomment the line
net.ipv4.ip_forward=1
save :wq

reload sysctl.conf
# sysctl -p /etc/sysctl.conf

restart procps service
# service procps restart

:)

Guangyu Suo (yugsuo) said :
#8

Add an iptables rule to your host:

# sudo iptables -t nat -A POSTROUTING -s 10.0.0.2 -j MASQUERADE

-s is your instance's fixed_id.
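
A host-side check for the two fixes proposed in answers #5, #7 and #8, written as an added example that is not part of the thread: it verifies that IPv4 forwarding is on and that the nat table source-NATs the instances' range. The function names, the `IP_FORWARD_FILE` override and the sample rules are assumptions made for the example.

```shell
#!/usr/bin/env bash
# Host-side checks for the two fixes suggested in this thread:
#   1. net.ipv4.ip_forward must be 1 (answers #5 and #7)
#   2. the nat table needs a MASQUERADE/SNAT rule for the VMs' source (answer #8)

# Overridable path (assumption for testability); the default is the live kernel value.
IP_FORWARD_FILE="${IP_FORWARD_FILE:-/proc/sys/net/ipv4/ip_forward}"

# Constructed sample of `iptables-save -t nat` output, using the thread's fixed_range.
SAMPLE_RULES='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING ! -s 10.0.0.2/32 -j MASQUERADE
-A POSTROUTING -s 192.168.22.32/27 -j MASQUERADE
COMMIT'

# Returns 0 if the kernel is forwarding IPv4 packets.
forwarding_enabled() {
    [ "$(cat "$IP_FORWARD_FILE" 2>/dev/null)" = "1" ]
}

# Reads `iptables-save -t nat` output on stdin; returns 0 if a rule source-NATs
# exactly the source given in $1. Negated matches ("! -s") do not count.
has_snat_for() {
    awk -v src="$1" '
        /^-A / {
            s = ""; j = ""
            for (i = 1; i < NF; i++) {
                if ($i == "-s" && $(i - 1) != "!") s = $(i + 1)
                if ($i == "-j") j = $(i + 1)
            }
            if (s == src && (j == "MASQUERADE" || j == "SNAT")) found = 1
        }
        END { exit found ? 0 : 1 }'
}

# Prints one line per finding; the return status is the number of problems.
check_vm_egress() {
    local src="$1" rules="$2" problems=0
    forwarding_enabled || { echo "FAIL: ip_forward is not 1"; problems=$((problems + 1)); }
    printf '%s\n' "$rules" | has_snat_for "$src" ||
        { echo "FAIL: no MASQUERADE/SNAT rule with -s $src"; problems=$((problems + 1)); }
    [ "$problems" -eq 0 ] && echo "OK: forwarding and source NAT present for $src"
    return "$problems"
}

# Live use (as root): check_vm_egress 192.168.22.32/27 "$(iptables-save -t nat)"
```

The match is exact on the `-s` value as `iptables-save` prints it, so a single address is written with `/32`, and a rule whose source range is wider than the one passed is not detected.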
