
The VM can ping the host machine, but cannot ping other public IPs


On a remote server (I call it the host machine) I set up OpenStack Ocata. In OpenStack Ocata I created a VM; the VM uses a Security Group (named allow ping & ssh), which I created myself:

Now I can ping the VM from my Mac, but cannot connect to the VM over ssh.

And in the VM (its IP is 192.168.1.4 and its floating IP is 103.35.202.3), I can ping 192.168.1.1 and 103.35.202.1 (the host machine's public IP), but cannot ping google.com or other public IPs.

  1. Why can I ping the VM from my Mac but not ssh to it?
  2. Why can I ping the host machine from the VM, but not other public IPs?

Where is the issue?


Solution

  • Currently the only Egress traffic allowed out is for ICMP. Egress is missing for TCP/UDP. Add in Egress rules for both UDP (should help resolve the DNS issue) and TCP (should resolve the SSH issue).

    After adding in the Egress rules for TCP - test ssh again.

    After adding in the Egress rules for UDP - test DNS resolution. If you are still running into issues then you may want to verify the DNS servers used when configuring the network.
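
The egress gap the answer describes can be checked offline by evaluating a rule list against the outbound flows the VM needs. This is an added example, not code from the original post or from OpenStack; the rule set and destination addresses are constructed, and only the rule field names follow Neutron's security group rule attributes.

```python
import ipaddress

# Constructed rule set modelled on the situation the answer describes:
# ICMP is the only protocol with an egress rule.
RULES = [
    {"direction": "ingress", "protocol": "icmp", "port_range_min": None,
     "port_range_max": None, "remote_ip_prefix": "0.0.0.0/0"},
    {"direction": "egress", "protocol": "icmp", "port_range_min": None,
     "port_range_max": None, "remote_ip_prefix": "0.0.0.0/0"},
]

def egress_rule(protocol, port_min=None, port_max=None):
    """Build an egress allow rule for one protocol (the fix the answer suggests)."""
    return {"direction": "egress", "protocol": protocol, "port_range_min": port_min,
            "port_range_max": port_max, "remote_ip_prefix": "0.0.0.0/0"}

def rule_matches(rule, direction, protocol, port, remote_ip):
    if rule["direction"] != direction:
        return False
    if rule["protocol"] not in (None, protocol):      # None means any protocol
        return False
    lo, hi = rule["port_range_min"], rule["port_range_max"]
    if protocol in ("tcp", "udp") and lo is not None and not lo <= port <= hi:
        return False
    prefix = rule["remote_ip_prefix"]                  # None means any address
    if prefix is not None and \
            ipaddress.ip_address(remote_ip) not in ipaddress.ip_network(prefix):
        return False
    return True

def allowed(rules, direction, protocol, port, remote_ip):
    """Security groups are allow-lists: a flow with no matching rule is dropped."""
    return any(rule_matches(r, direction, protocol, port, remote_ip) for r in rules)

# Outbound flows to test; destinations are documentation addresses (constructed).
FLOWS = [("dns", "udp", 53, "203.0.113.53"),
         ("https", "tcp", 443, "198.51.100.10"),
         ("ping", "icmp", None, "198.51.100.10")]

def audit(rules):
    """Return {flow name: True if the rule list lets it leave the VM}."""
    return {name: allowed(rules, "egress", proto, port, ip)
            for name, proto, port, ip in FLOWS}

if __name__ == "__main__":
    print("before:", audit(RULES))
    print("after: ", audit(RULES + [egress_rule("tcp"), egress_rule("udp")]))
```

Passing a port range to `egress_rule` (for example UDP 53 only) shows how a narrower rule restores DNS without opening all outbound UDP.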