NAT problem on single server install / Can't connect to floating IPs from public internet
I'm running Nova Bexar as a single-server install on a remote web server (one physical internet connection, 4 public IP addresses). Everything works fine; I'm able to run and use instances (ping, ssh), but I'm unable to use an associated public IP.
As you can see, I'm using FlatDHCPManager and all instances run with IPs out of the 10.0.1.0/24 network. I used nova-manage to create floating IPs and euca-associate-
However, I'm unable to connect via SSH to the associated public IPs. I am able to ping though.
I also tried to figure out which iptables setup nova uses and run them directly, but I couldn't find any error messages. I am, however, not sure if I got the commands right.
Any help on how to figure out how to assign the additional IPs in the "correct" way would be very much appreciated.
See the attached config files for more information.
# cat /etc/nova/nova.conf
--dhcpbridge_
--dhcpbridge=
--logdir=
--state_
--verbose
--my_ip=
--daemonize=1
--state_
--sql_connectio
--s3_host=
--rabbit_
--cc_host=
--network_
--verbose
--ec2_url=http://
--network_
--fixed_
--routing_
--flat_
--flat_
--network_size=10
--public_
# ifconfig
br100 Link encap:Ethernet HWaddr fe:16:3e:03:b8:d9
inet addr:10.0.1.1 Bcast:10.0.1.127 Mask:255.
inet6 addr: fe80::c8e9:
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:4239 errors:0 dropped:0 overruns:0 frame:0
TX packets:6442 errors:0 dropped:0 overruns:0 carrier:0
RX bytes:511487 (511.4 KB) TX bytes:5823020 (5.8 MB)
eth0 Link encap:Ethernet HWaddr 1c:6f:65:8d:6d:31
inet addr:89.238.83.54 Bcast:89.238.83.255 Mask:255.255.255.0
inet6 addr: fe80::1e6f:
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:5274404 errors:0 dropped:0 overruns:0 frame:0
TX packets:5291 errors:0 dropped:0 overruns:0 carrier:0
RX bytes:399808856 (399.8 MB) TX bytes:717974 (717.9 KB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:10057188 errors:0 dropped:0 overruns:0 frame:0
TX packets:10057188 errors:0 dropped:0 overruns:0 carrier:0
RX bytes:728429145 (728.4 MB) TX bytes:728429145 (728.4 MB)
virbr0 Link encap:Ethernet HWaddr 92:9d:fb:52:00:74
inet addr:192.168.122.1 Bcast:192.
inet6 addr: fe80::909d:
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
RX bytes:0 (0.0 B) TX bytes:468 (468.0 B)
vnet0 Link encap:Ethernet HWaddr fe:16:3e:03:b8:d9
inet6 addr: fe80::fc16:
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:4239 errors:0 dropped:0 overruns:0 frame:0
TX packets:6442 errors:0 dropped:0 overruns:0 carrier:0
RX bytes:570833 (570.8 KB) TX bytes:5823020 (5.8 MB)
# euca-describe-
RESERVATION r-4bok3lkq sethihosting default
INSTANCE i-00000018 ami-k6t4a3d4 89.238.83.55 10.0.1.15 running mykey (sethihosting, atlas) 0 m1.small 2011-03-13 18:49:57 nova
# iptables -t nat -L -v
Chain PREROUTING (policy ACCEPT 527K packets, 100M bytes)
pkts bytes target prot opt in out source destination
0 0 DNAT tcp -- any any anywhere 169.254.169.254 tcp dpt:www to:89.238.
37 1856 DNAT all -- any any anywhere 55.83.238.
Chain POSTROUTING (policy ACCEPT 1779 packets, 111K bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- any any 10.0.0.0/12 10.0.0.0/12
0 0 ACCEPT all -- any any 10.0.0.0/12 10.128.0.0/24
0 0 MASQUERADE tcp -- any any 192.168.122.0/24 !192.168.122.0/24 masq ports: 1024-65535
0 0 MASQUERADE udp -- any any 192.168.122.0/24 !192.168.122.0/24 masq ports: 1024-65535
0 0 MASQUERADE all -- any any 192.168.122.0/24 !192.168.122.0/24
528 32941 SNATTING all -- any any anywhere anywhere
Chain OUTPUT (policy ACCEPT 1775 packets, 111K bytes)
pkts bytes target prot opt in out source destination
Chain SNATTING (1 references)
pkts bytes target prot opt in out source destination
3 180 SNAT all -- any any 10.0.1.15 anywhere to:89.238.83.55
0 0 SNAT all -- any any 10.0.0.0/12 anywhere to:89.238.83.54
# cat /etc/network/
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
auto eth0
iface eth0 inet static
address 89.238.83.54
netmask 255.255.255.0
network 89.238.83.0
broadcast 89.238.83.255
gateway 89.238.83.1
# dns-* options are implemented by the resolvconf package, if installed
Question information
- Language: English
- Status: Answered
- Assignee: No assignee
- Asked by: Markus Thielmann