windows实例可以运行，但无法ping通

大家好！我在使用OpenStack跑windows实例时，系统显示实例运行正常，获得了IP地址，但无法ping通实例。
在运行linux的实例时，可以ping通，也可以访问。windows的实例已经关闭了防火墙，IP地址是DHCP获得。OpenStack的规则设置配置了允许ping
nova secgroup-add-rule default icmp -1 -1 -s 0.0.0.0/0外网是通过DHCP获得IP地址内网只有一个交换机，无DHCP服务器。控制节点
eth0 10.10.11.15 外网
eth1 192.168.2.15 内网控制节点没有生成实例的功能，没有安装nova-compute
计算节点：
eth0 10.10.11.11 外网
eth1 192.168.2.11 内网控制节点信息:
root@master:~# nova-manage service list
Binary           Host                                 Zone
Status     State Updated_At
nova-scheduler   master                               nova
enabled    :-)   2012-10-08 08:07:52
nova-cert        master                               nova
enabled    :-)   2012-10-08 08:07:52
nova-consoleauth master                               nova
enabled    :-)   2012-10-08 08:07:52
nova-compute     node                                 nova
enabled    :-)   2012-10-08 08:07:45
nova-network     node                                 nova
enabled    :-)   2012-10-08 08:07:46
root@master:~#root@master:~# ifconfig
eth0      Link encap:Ethernet  HWaddr fc:75:16:84:70:c3
          inet addr:10.10.7.15  Bcast:10.10.7.255  Mask:255.255.255.0
          inet6 addr: fe80::fe75:16ff:fe84:70c3/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:265287 errors:0 dropped:0 overruns:0 frame:0
          TX packets:148229 errors:1 dropped:0 overruns:1 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:68569088 (68.5 MB)  TX bytes:78003421 (78.0 MB)
          Interrupt:19eth1      Link encap:Ethernet  HWaddr b8:a3:86:8f:5a:e2
          inet addr:192.168.2.15  Bcast:192.168.2.255  Mask:
255.255.255.0
          inet6 addr: fe80::baa3:86ff:fe8f:5ae2/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:774 errors:0 dropped:0 overruns:0 frame:0
          TX packets:280 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:127556 (127.5 KB)  TX bytes:22688 (22.6 KB)
          Interrupt:18 Base address:0x2000lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:188176 errors:0 dropped:0 overruns:0 frame:0
          TX packets:188176 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:117843520 (117.8 MB)  TX bytes:117843520 (117.8 MB)virbr0    Link encap:Ethernet  HWaddr 4e:57:c8:ff:00:eb
          inet addr:192.168.122.1  Bcast:192.168.122.255  Mask:
255.255.255.0
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
控制节点nova.conf
root@master:~# cat /etc/nova/nova.conf
[DEFAULT]
###### LOGS/STATE
#verbose=True
verbose=False###### AUTHENTICATION
auth_strategy=keystone###### SCHEDULER
#--
compute_scheduler_driver=nova.scheduler.filter_scheduler.FilterScheduler
scheduler_driver=nova.scheduler.simple.SimpleScheduler###### VOLUMES
volume_group=nova-volumes
volume_name_template=volume-%08x
iscsi_helper=tgtadm###### DATABASE
sql_connection=mysql://nova:[email protected]/nova###### COMPUTE
libvirt_type=kvm
#libvirt_type=qemu
connection_type=libvirt
instance_name_template=instance-%08x
api_paste_config=/etc/nova/api-paste.ini
allow_resize_to_same_host=True
libvirt_use_virtio_for_bridges=true
start_guests_on_host_boot=true
resume_guests_state_on_host_boot=true###### APIS
osapi_compute_extension=nova.api.openstack.compute.contrib.standard_extensions
allow_admin_api=true
s3_host=10.10.7.15
cc_host=10.10.7.15###### RABBITMQ
rabbit_host=10.10.7.15###### GLANCE
image_service=nova.image.glance.GlanceImageService
glance_api_servers=10.10.7.15:9292###### NETWORK
network_manager=nova.network.manager.FlatDHCPManager
force_dhcp_release=True
dhcpbridge_flagfile=/etc/nova/nova.conf
dhcpbridge=/usr/bin/nova-dhcpbridge
firewall_driver=nova.virt.libvirt.firewall.IptablesFirewallDriver
public_interface=eth0
flat_interface=eth1
flat_injected=false
flat_network_bridge=br100
fixed_range=192.168.2.0/24
multi_host=true###### NOVNC CONSOLE
novnc_enabled=true
novncproxy_base_url= http://10.10.7.15:6080/vnc_auto.html
vncserver_proxyclient_address=10.10.7.15
vncserver_listen=10.10.7.15########Nova
logdir=/var/log/nova
state_path=/var/lib/nova
lock_path=/var/lock/nova#####MISC
use_deprecated_auth=false
root_helper=sudo nova-rootwrap
allow_same_net_traffic=true控制节点防火墙：
root@master:~# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     udp  --  anywhere             anywhere             udp
dpt:domain
ACCEPT     tcp  --  anywhere             anywhere             tcp
dpt:domain
ACCEPT     udp  --  anywhere             anywhere             udp
dpt:bootps
ACCEPT     tcp  --  anywhere             anywhere             tcp
dpt:bootpsChain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             192.168.122.0/24     state
RELATED,ESTABLISHED
ACCEPT     all  --  192.168.122.0/24     anywhere
ACCEPT     all  --  anywhere             anywhere
REJECT     all  --  anywhere             anywhere             reject-
with icmp-port-unreachable
REJECT     all  --  anywhere             anywhere             reject-
with icmp-port-unreachableChain OUTPUT (policy ACCEPT)
target     prot opt source               destination控制节点路由信息：
root@master:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref
Use Iface
0.0.0.0         10.10.7.1       0.0.0.0         UG    100    0
0 eth0
10.10.7.0       0.0.0.0         255.255.255.0   U     0      0
0 eth0
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0
0 eth1
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0
0 virbr0计算节点：计算节点网络配置：
root@node:~# ifconfig
br100     Link encap:Ethernet  HWaddr fc:75:16:84:70:c9
          inet addr:192.168.2.3  Bcast:192.168.2.255  Mask:
255.255.255.0
          inet6 addr: fe80::1c09:b5ff:fe0f:1e42/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:120 errors:0 dropped:0 overruns:0 frame:0
          TX packets:101 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:17895 (17.8 KB)  TX bytes:13961 (13.9 KB)eth0      Link encap:Ethernet  HWaddr b8:a3:86:06:8a:7d
          inet addr:10.10.7.11  Bcast:10.10.7.255  Mask:255.255.255.0
          inet6 addr: fe80::baa3:86ff:fe06:8a7d/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:4495 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4132 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1695554 (1.6 MB)  TX bytes:1378230 (1.3 MB)
          Interrupt:19eth1      Link encap:Ethernet  HWaddr fc:75:16:84:70:c9
          inet6 addr: fe80::fe75:16ff:fe84:70c9/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:5 errors:0 dropped:0 overruns:0 frame:0
          TX packets:57 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:430 (430.0 B)  TX bytes:9358 (9.3 KB)
          Interrupt:18 Base address:0x2000lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:16 errors:0 dropped:0 overruns:0 frame:0
          TX packets:16 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1296 (1.2 KB)  TX bytes:1296 (1.2 KB)virbr0    Link encap:Ethernet  HWaddr be:35:73:a1:2f:79
          inet addr:192.168.122.1  Bcast:192.168.122.255  Mask:
255.255.255.0
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)vnet0     Link encap:Ethernet  HWaddr fe:16:3e:6c:7c:dc
          inet6 addr: fe80::fc16:3eff:fe6c:7cdc/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:67 errors:0 dropped:0 overruns:0 frame:0
          TX packets:84 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500
          RX bytes:10624 (10.6 KB)  TX bytes:11962 (11.9 KB)vnet1     Link encap:Ethernet  HWaddr fe:16:3e:34:a3:e0
          inet6 addr: fe80::fc16:3eff:fe34:a3e0/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)vnet2     Link encap:Ethernet  HWaddr fe:16:3e:00:30:8e
          inet6 addr: fe80::fc16:3eff:fe00:308e/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:63 errors:0 dropped:0 overruns:0 frame:0
          TX packets:73 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500
          RX bytes:9811 (9.8 KB)  TX bytes:10631 (10.6 KB)

解决方案 »

免费领取超大流量手机卡，每月29元包185G流量+100分钟通话, 中国电信官方发货

继续补充运行的实例：
root@master:~# nova list
+--------------------------------------+----------+--------
+---------------------+
|                  ID                  |   Name   | Status |
Networks      |
+--------------------------------------+----------+--------
+---------------------+
| 6c38e1c0-3e09-42a9-ac4a-85ca7cd80103 | xp001    | ACTIVE |
private=192.168.2.5 |
| 86295154-3175-48a4-b330-5799328f9fb6 | linux001 | ACTIVE |
private=192.168.2.4 |
| cb332c97-b3dd-4903-ac89-495153864f34 | linux002 | ACTIVE |
private=192.168.2.6 |
+--------------------------------------+----------+--------
+---------------------+计算节点nova.conf配置root@node:~# cat /etc/nova/nova.conf
[DEFAULT]
###### LOGS/STATE
#verbose=True
verbose=False###### AUTHENTICATION
auth_strategy=keystone###### SCHEDULER
#--
compute_scheduler_driver=nova.scheduler.filter_scheduler.FilterScheduler
scheduler_driver=nova.scheduler.simple.SimpleScheduler###### VOLUMES
volume_group=nova-volumes
volume_name_template=volume-%08x
iscsi_helper=tgtadm###### DATABASE
sql_connection=mysql://nova:[email protected]/nova###### COMPUTE
libvirt_type=kvm
#libvirt_type=qemu
connection_type=libvirt
instance_name_template=instance-%08x
api_paste_config=/etc/nova/api-paste.ini
allow_resize_to_same_host=True
libvirt_use_virtio_for_bridges=true
start_guests_on_host_boot=true
resume_guests_state_on_host_boot=true###### APIS
osapi_compute_extension=nova.api.openstack.compute.contrib.standard_extensions
allow_admin_api=true
s3_host=10.10.7.15
cc_host=10.10.7.15###### RABBITMQ
rabbit_host=10.10.7.15###### GLANCE
image_service=nova.image.glance.GlanceImageService
glance_api_servers=10.10.7.15:9292###### NETWORK
network_manager=nova.network.manager.FlatDHCPManager
force_dhcp_release=True
#force_dhcp_release=False
dhcpbridge_flagfile=/etc/nova/nova.conf
dhcpbridge=/usr/bin/nova-dhcpbridge
firewall_driver=nova.virt.libvirt.firewall.IptablesFirewallDriver
public_interface=eth0
flat_interface=eth1
flat_network_bridge=br100
fixed_range=192.168.2.0/24
multi_host=true###### NOVNC CONSOLE
novnc_enabled=true
novncproxy_base_url= http://10.10.7.15:6080/vnc_auto.html
vncserver_proxyclient_address=10.10.7.11
vncserver_listen=10.10.7.11########Nova
logdir=/var/log/nova
state_path=/var/lib/nova
lock_path=/var/lock/nova#####MISC
use_deprecated_auth=false
root_helper=sudo nova-rootwrap
allow_same_net_traffic=true
计算节点防火墙配置：
root@node:~# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
nova-compute-INPUT  all  --  anywhere             anywhere
nova-network-INPUT  all  --  anywhere             anywhere
nova-api-INPUT  all  --  anywhere             anywhere
ACCEPT     udp  --  anywhere             anywhere             udp
dpt:domain
ACCEPT     tcp  --  anywhere             anywhere             tcp
dpt:domain
ACCEPT     udp  --  anywhere             anywhere             udp
dpt:bootps
ACCEPT     tcp  --  anywhere             anywhere             tcp
dpt:bootpsChain FORWARD (policy ACCEPT)
target     prot opt source               destination
nova-filter-top  all  --  anywhere             anywhere
nova-compute-FORWARD  all  --  anywhere
anywhere
nova-network-FORWARD  all  --  anywhere
anywhere
nova-api-FORWARD  all  --  anywhere             anywhereChain OUTPUT (policy ACCEPT)
target     prot opt source               destination
nova-filter-top  all  --  anywhere             anywhere
nova-compute-OUTPUT  all  --  anywhere
anywhere
nova-network-OUTPUT  all  --  anywhere
anywhere
nova-api-OUTPUT  all  --  anywhere             anywhereChain nova-api-FORWARD (1 references)
target     prot opt source               destinationChain nova-api-INPUT (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             10.10.7.11           tcp dpt:
8775Chain nova-api-OUTPUT (1 references)
target     prot opt source               destinationChain nova-api-local (1 references)
target     prot opt source               destinationChain nova-compute-FORWARD (1 references)
target     prot opt source               destinationChain nova-compute-INPUT (1 references)
target     prot opt source               destinationChain nova-compute-OUTPUT (1 references)
target     prot opt source               destinationChain nova-compute-inst-7 (1 references)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere             state
INVALID
ACCEPT     all  --  anywhere             anywhere             state
RELATED,ESTABLISHED
nova-compute-provider  all  --  anywhere
anywhere
ACCEPT     udp  --  192.168.2.3          anywhere             udp
spt:bootps dpt:bootpc
ACCEPT     all  --  192.168.2.0/24       anywhere
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:
3389
ACCEPT     tcp  --  anywhere             anywhere             tcp
dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere             tcp
dpt:http
ACCEPT     tcp  --  anywhere             anywhere             tcp
dpt:http-alt
ACCEPT     icmp --  anywhere             anywhere
nova-compute-sg-fallback  all  --  anywhere
anywhereChain nova-compute-inst-8 (1 references)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere             state
INVALID
ACCEPT     all  --  anywhere             anywhere             state
RELATED,ESTABLISHED
nova-compute-provider  all  --  anywhere
anywhere
ACCEPT     udp  --  192.168.2.3          anywhere             udp
spt:bootps dpt:bootpc
ACCEPT     all  --  192.168.2.0/24       anywhere
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:
3389
ACCEPT     icmp --  anywhere             anywhere
nova-compute-sg-fallback  all  --  anywhere
anywhereChain nova-compute-inst-9 (1 references)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere             state
INVALID
ACCEPT     all  --  anywhere             anywhere             state
RELATED,ESTABLISHED
nova-compute-provider  all  --  anywhere
anywhere
ACCEPT     udp  --  192.168.2.3          anywhere             udp
spt:bootps dpt:bootpc
ACCEPT     all  --  192.168.2.0/24       anywhere
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:
3389
ACCEPT     tcp  --  anywhere             anywhere             tcp
dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere             tcp
dpt:http
ACCEPT     tcp  --  anywhere             anywhere             tcp
dpt:http-alt
ACCEPT     icmp --  anywhere             anywhere
nova-compute-sg-fallback  all  --  anywhere
anywhereChain nova-compute-local (1 references)
target     prot opt source               destination
nova-compute-inst-7  all  --  anywhere
192.168.2.4
nova-compute-inst-8  all  --  anywhere
192.168.2.5
nova-compute-inst-9  all  --  anywhere
192.168.2.6Chain nova-compute-provider (3 references)
target     prot opt source               destinationChain nova-compute-sg-fallback (3 references)
target     prot opt source               destination
DROP       all  --  anywhere             anywhereChain nova-filter-top (2 references)
target     prot opt source               destination
nova-compute-local  all  --  anywhere             anywhere
nova-network-local  all  --  anywhere             anywhere
nova-api-local  all  --  anywhere             anywhereChain nova-network-FORWARD (1 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhereChain nova-network-INPUT (1 references)
target     prot opt source               destination
ACCEPT     udp  --  anywhere             anywhere             udp
dpt:bootps
ACCEPT     tcp  --  anywhere             anywhere             tcp
dpt:bootps
ACCEPT     udp  --  anywhere             anywhere             udp
dpt:domain
ACCEPT     tcp  --  anywhere             anywhere             tcp
dpt:domainChain nova-network-OUTPUT (1 references)
target     prot opt source               destinationChain nova-network-local (1 references)
target     prot opt source               destination
计算节点路由信息：
root@node:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref
Use Iface
0.0.0.0         10.10.7.1       0.0.0.0         UG    100    0
0 eth0
10.10.7.0       0.0.0.0         255.255.255.0   U     0      0
0 eth0
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0
0 br100
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0
0 virbr0参考了以下文档：
https://answers.launchpad.net/nova/+question/157925http://forums.openstack.org/viewtopic.php?f=10&t=344http://stackoverflow.com/questions/11795057/openstack-networking-cant-ping-ssh-from-to-vmshttp://www.vpsee.com/2011/08/openstack-nova-network-settings-for-flatmanager/目前感觉是在网络配置上需要调整，如何调整不了解。请熟悉的大牛帮忙分析下非常感谢！
求大牛指点，
你是windows 2008 server ? 默认禁PING的.
你可以在计算节点PING实例名
制作镜像时打开远程桌面服务
在安全组加TCP 3389启动远程桌面端口
那样实例就能用了.当然要记住密码
你是windows 2008 server ? 默认禁PING的.
你可以在计算节点PING实例名
制作镜像时打开远程桌面服务
在安全组加TCP 3389启动远程桌面端口
那样实例就能用了.当然要记住密码
你是windows 2008 server ? 默认禁PING的.
你可以在计算节点PING实例名
制作镜像时打开远程桌面服务
在安全组加TCP 3389启动远程桌面端口
那样实例就能用了.当然要记住密码