Can't Access Internet From Instance

Bug #1812415 reported by Pen Gale
This bug affects 4 people
Affects: MicroStack
Status: New
Importance: High
Assigned to: Pen Gale

Bug Description

Currently, we don't actually attempt to connect the virtual networks created by OpenStack to the outside world. This means that you can't access the Internet from created instances.

The instructions at https://docs.openstack.org/mitaka/networking-guide/intro-nat.html should get you started if you want to set up Internet access manually.

This bug will be closed when the snap sets up Internet access automagically. (Setting up SNAT is probably the best solution, as that involves the lightest touch on the host system.)

Pen Gale (pengale)
Changed in microstack:
importance: Undecided → High
status: New → Confirmed
James Page (james-page)
Changed in microstack:
status: Confirmed → Triaged
Pen Gale (pengale)
Changed in microstack:
milestone: none → microstack19.10
no longer affects: microstack/19.10
Pen Gale (pengale) wrote :

We have a fix for this! Big hat tip to admcleod and james-page for figuring this out.

On the host system, you need to set up some iptables rules, and run a sysctl command:

sudo iptables -t nat -A POSTROUTING -s 10.20.20.1/24 ! -d 10.20.20.1/24 -j MASQUERADE
sudo sysctl net.ipv4.ip_forward=1

The iptables rules are trivial to add. The ip_forward thing is a bit trickier, because I don't want to leave a mess on people's systems. If you snap install lxd, then do lxd init, then snap remove lxd, you'll have that rule set for you, however, so microstack wouldn't be unique in setting the rule.

I'm a little tempted to add a "microstack.configure" command. Or "microstack init". That would give the user a bit more warning that they might be writing some configuration to their system outside the snap. And it would get around our timeout issues w/ mysql. Hmmm ...

Pen Gale (pengale) wrote :
Changed in microstack:
assignee: nobody → Pete Vander Giessen (petevg)
status: Triaged → In Progress
status: In Progress → Fix Committed
Pen Gale (pengale) wrote :

Code merged, and a snap release is making its way to the edge channel.

Pen Gale (pengale) wrote :

The fix is now on both the edge and beta channels!

Changed in microstack:
status: Fix Committed → Fix Released
Dalton Cézane (daltoncezane) wrote :

I created an instance with Ubuntu Bionic and I cannot access the Internet.
microstack.openstack server list
+--------------------------------------+------+--------+------------------------------------+---------------+----------+
| ID | Name | Status | Networks | Image | Flavor |
+--------------------------------------+------+--------+------------------------------------+---------------+----------+
| 45973844-4f54-406a-9098-7560da5fdb69 | osm | ACTIVE | test=192.168.222.196, 10.20.20.193 | ubuntu_bionic | m1.large |
+--------------------------------------+------+--------+------------------------------------+---------------+----------+

ramy (rdawoud) wrote :

It worked for me after I added
sudo sysctl net.ipv4.ip_forward=1
to the host machine.

Pen Gale (pengale) wrote :

This bug is no longer fixed in the current release of microstack, due to changes made in preparation for a confined snap. I’m not sure how you’d get microstack to automatically add the ip forwarding rules in a confined environment, though.

Changed in microstack:
status: Fix Released → New
Nicolas Ferrario (nferrario) wrote :

Yup, had same issue here and fixed it with sudo sysctl net.ipv4.ip_forward=1. It'd be great for this to be documented at least.

Sasank (sasankchilamkurthy) wrote :

It didn't work for me even with `sudo sysctl net.ipv4.ip_forward=1` :(
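
Added example, not part of the thread and not MicroStack code: a host-side audit of the two settings the fix comment relies on (the POSTROUTING MASQUERADE rule and net.ipv4.ip_forward), so a report of "sysctl alone fixed it" or "it still fails" can be narrowed to which of the two is missing. The function names, the `--live` switch and the sample rule text are assumptions made for this example; the subnet is written in network form (10.20.20.0/24), which is how iptables-save is assumed to print the 10.20.20.1/24 rule.

```shell
#!/bin/sh
# Added example, not MicroStack code: audit the two host settings from the thread.
# Assumption: SUBNET is the network form of the 10.20.20.1/24 used in the rule above.
SUBNET="10.20.20.0/24"

# forwarding_enabled VALUE: succeed if the net.ipv4.ip_forward value is 1.
forwarding_enabled() {
    [ "$1" = "1" ]
}

# has_masquerade NET: read `iptables-save -t nat` text on stdin and succeed if
# the POSTROUTING MASQUERADE rule for NET is present.
has_masquerade() {
    grep -Fq -- "-A POSTROUTING -s $1 ! -d $1 -j MASQUERADE"
}

# audit VALUE RULES: print one line per setting; return how many are missing.
audit() {
    missing=0
    if forwarding_enabled "$1"; then
        echo "ok: net.ipv4.ip_forward=1"
    else
        echo "missing: net.ipv4.ip_forward=$1"
        missing=$((missing + 1))
    fi
    if printf '%s\n' "$2" | has_masquerade "$SUBNET"; then
        echo "ok: MASQUERADE rule for $SUBNET"
    else
        echo "missing: MASQUERADE rule for $SUBNET"
        missing=$((missing + 1))
    fi
    return "$missing"
}

# Constructed sample of nat-table output, used when run without --live.
SAMPLE_RULES='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.20.20.0/24 ! -d 10.20.20.0/24 -j MASQUERADE
COMMIT'

if [ "${1:-}" = "--live" ]; then   # run as root so iptables-save can read the table
    audit "$(sysctl -n net.ipv4.ip_forward)" "$(iptables-save -t nat)"
else
    audit 0 "$SAMPLE_RULES" || true   # constructed case: rule present, forwarding off
fi
```

With `--live` the exit status is the number of missing settings. Forwarding is a host-wide switch, so the audit reports its state and changes nothing.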
