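# Rewrite the destination of locally generated packets (nat table, OUTPUT
# chain): traffic this host sends to 192.0.2.1 is delivered to 10.16.154.6.
# NOTE(review): there is no -p/--dport match, so every protocol and port sent
# to these destinations is rewritten, and rules added with -A live only in the
# running ruleset until they are saved.
iptables -t nat -A OUTPUT -d 192.0.2.1 -j DNAT --to-destination 10.16.154.6
# The note originally read "172,21,0.10". iptables treats commas in -d as a
# separator between several addresses, so that form would not match the single
# host intended. Assumed to be 172.21.0.10 -- confirm before applying.
iptables -t nat -A OUTPUT -d 172.21.0.10 -j DNAT --to-destination 10.16.154.9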
Overcloud (heat admin):
- Floating IP: 10.16.154.141
- Bridge: br-ex
- Private IP (Keystone): 192.0.2.11
Undercloud:
- Floating IP: 10.16.154.126
- Bridge: em1
- Private IP: 192.0.2.1
^ Check which interface holds the floating IP on both the undercloud and the overcloud.
Repeat the following steps:
- after sourcing `stackrc` for the `stack` user of the undercloud,
- and then after sourcing `overcloudrc` for the `heat-admin` user of the overcloud controller:
list all endpoint ports
# Takes the second field of each `openstack endpoint list` row (after dropping
# the first three lines and any empty ones), runs `openstack endpoint show` on
# each value and keeps only the lines containing "admin". The combined output
# of the loop is written to ./endpoint_ports.
# NOTE(review): presumably field 2 is the endpoint ID and the kept lines are
# the admin URLs -- confirm against the table layout of your client version.
$ for i in `openstack endpoint list | awk -F'| ' '{ print $2}' | sed 1,3d | sed '/^$/d'`; do openstack endpoint show $i | grep admin; done > endpoint_ports
extract endpoint ports
# Drops empty lines from endpoint_ports, takes the third ':'-separated field of
# each line, then keeps what precedes the first '/' or space in that field, and
# writes the result to ./ports_new.
# NOTE(review): presumably that yields the port of each admin URL. ports_new is
# fed unvalidated into `iptables --dport` by the "apply settings" loops, so
# review it and make sure every line is a plain port number before continuing.
$ cat endpoint_ports | sed '/^$/d' | awk -F':' '{ print $3}' | sed '/^$/d' | awk -F'/| ' '{ print $1}' > ports_new
apply settings
# undercloud: for every entry in ports_new, DNAT TCP traffic arriving on em1
# for that port to the same port on 192.0.2.1 (the undercloud private IP).
# NOTE(review): the rule has no source match (-s), so any host able to reach
# em1 on these ports is forwarded to the private endpoint; confirm the external
# network is trusted or restrict the source. $i is expanded unquoted from
# ports_new, so the file must contain port numbers only.
$ for i in `cat ports_new`; do sudo iptables -t nat -A PREROUTING -i em1 -p tcp --dport $i -j DNAT --to-destination 192.0.2.1:$i; done
# overcloud: the same forwarding for traffic arriving on br-ex, sent to
# 192.0.2.11 (the Keystone private IP). The same source-restriction and
# ports_new caveats apply here.
$ for i in `cat ports_new`; do sudo iptables -t nat -A PREROUTING -i br-ex -p tcp --dport $i -j DNAT --to-destination 192.0.2.11:$i; done
Add a rule for port 5000 separately (it is not included in ports_new from the steps above)
# undercloud: DNAT TCP port 5000 arriving on em1 to 192.0.2.1:5000.
# NOTE(review): unlike the loops that read ports_new, this is written without
# sudo, so it presumably needs a root shell. The rule carries no source match
# (-s), so port 5000 becomes reachable by any host that can reach em1.
$ iptables -t nat -A PREROUTING -i em1 -p tcp --dport 5000 -j DNAT --to-destination 192.0.2.1:5000
# overcloud: DNAT TCP port 5000 arriving on br-ex to 192.0.2.11:5000, with the
# same missing sudo and missing source match.
$ iptables -t nat -A PREROUTING -i br-ex -p tcp --dport 5000 -j DNAT --to-destination 192.0.2.11:5000
# Undercloud cleanup: delete the rule at position 4 of the nat PREROUTING chain
# thirteen times. Each delete renumbers the rules that follow, so the same
# index removes the next rule on every pass.
# NOTE(review): nothing checks what sits at that position. List the chain with
# `sudo iptables -t nat -L PREROUTING -n --line-numbers` first and confirm that
# the thirteen rules from position 4 onward are the DNAT rules to be removed.
for ((n = 1; n <= 13; n++)); do
  sudo iptables -t nat -D PREROUTING 4
done
# Overcloud cleanup: the same thirteen deletions, starting at position 2.
# Verify the rule positions on this host as well before running.
for ((n = 1; n <= 13; n++)); do
  sudo iptables -t nat -D PREROUTING 2
done
overcloud controller (heat admin) iptables