Can't Access Internet From Instance
Bug #1812415 reported by
Pen Gale
This bug affects 4 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
MicroStack |
New
|
High
|
Pen Gale |
Bug Description
Currently, we don't actually attempt to connect the virtual networks created by Openstack to the outside world. This means that you can't access the Internet from created instances.
The instructions at https:/
This bug will be closed when the snap sets up Internet access automagically. (Setting up SNAT is probably the best solution, as that involves the lightest touch on the host system.)
Changed in microstack: | |
importance: | Undecided → High |
status: | New → Confirmed |
Changed in microstack: | |
status: | Confirmed → Triaged |
Changed in microstack: | |
milestone: | none → microstack19.10 |
no longer affects: | microstack/19.10 |
To post a comment you must log in.
We have a fix for this! Big hat tip to admcleod and james-page for figuring this out.
On the host system, you need to setup some iptables rules, and run a sysctl command:
sudo iptables -t nat -A POSTROUTING -s 10.20.20.1/24 ! -d 10.20.20.1/24 -j MASQUERADE ip_forward= 1
sudo sysctl net.ipv4.
The iptables rules are trivial to add. The ip_forward thing is a bit trickier, because I don't want to leave a mess on people's systems. If you snap install lxd, then do lxd init, then snap remove lxd, you'll have that rule set for you, however, so microstack wouldn't be unique in setting the rule.
I'm a little tempted to add a "microstack. configure" command. Or "microstack init". That would give the user a bit more warning that they might be writing some configuration to their system outside the snap. And it would get around our timeout issues w/ mysql. Hmmm ...