I am taking over management of an existing OpenStack system at work and I have only a little prior experience with OpenStack.
I have about 8 instances running and all of them appear to function properly in general, each running various services. The services in question:
DHCP
DNS
MySQL <--- This is the one that I critically need.
I have a homebrew router running IPFire between green and blue interfaces (two subnets, wired and wireless) and I have it allowing basically all traffic between the two subnets to the best of my ability.
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 10.1.12.10 10.1.10.228
Services such as ssh and http appear to function, and each of the other services is configured to listen on all adaptors. I have floating IPs set up for each of the instances.
From what I can tell, the machine has a local IP but the floating IP is a forward of some type to the instance. I'm still trying to figure out the nature of the entire config.
My question: Why are services like ssh and http fully functional across subnets while certain services such as mysql and DNS are reachable only within their own subnet?
I see no drop events on the firewall for that IP or for port 3306. I see no drops from the user's IP. I see no drops for anything I can attribute to the connection I am making or the router between them.
From wireless:
traceroute to 10.1.10.254 (10.1.10.254), 64 hops max, 52 byte packets
1 10.1.12.1 (10.1.12.1) 1.558 ms 1.520 ms 1.976 ms
2 10.1.10.254 (10.1.10.254) 2.772 ms 1.816 ms 1.909 ms
Nmap scan report for 10.1.10.254
Host is up (0.0035s latency).
Not shown: 997 filtered ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp closed http
443/tcp closed https
From wired:
Nmap scan report for 10.1.10.254
Host is up (0.0011s latency).
Not shown: 996 filtered ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp closed http
443/tcp closed https
3306/tcp open mysql
I don't really know where to even begin at this point. I don't see firewall events and I see no traffic via tcpdump. I am willing to try looking at ANYTHING you suggest.
UPDATE:
Shouldn't this allow forwarding between the subnets? Where blue0 = wireless and green0 = wired.
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
11 672 ACCEPT tcp -- blue0 green0 0.0.0.0/0 0.0.0.0/0 tcp dpt:3306
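One way to check what the FORWARD listing in the UPDATE does for a given flow, and whether its counters show the rule being hit (an added example, not part of the original post). The function names and the destination address used in the sample calls are assumptions; the listing is copied from the post and handles only terminating targets, not jumps to user-defined chains.

```python
import ipaddress
import re

# FORWARD listing as shown in the post's UPDATE (iptables -L -v -n format).
# Assumes exact counters (add -x to avoid K/M suffixes on busy rules).
LISTING = """\
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
11 672 ACCEPT tcp -- blue0 green0 0.0.0.0/0 0.0.0.0/0 tcp dpt:3306
"""

def parse_chain(text):
    """Return (policy, policy_pkts, rules) from one chain's verbose listing."""
    head = re.search(r"Chain \S+ \(policy (\S+) (\d+) packets", text)
    rules = []
    for line in text.strip().splitlines()[2:]:  # skip chain and column headers
        f = line.split()
        m = re.search(r"dpt:(\d+)", " ".join(f[9:]))
        rules.append({
            "pkts": int(f[0]), "target": f[2], "prot": f[3],
            "in": f[5], "out": f[6],
            "src": ipaddress.ip_network(f[7], strict=False),
            "dst": ipaddress.ip_network(f[8], strict=False),
            "dport": int(m.group(1)) if m else None,
        })
    return head.group(1), int(head.group(2)), rules

def evaluate(text, in_if, out_if, prot, src, dst, dport):
    """First-match evaluation: return (verdict, packets counted so far)."""
    # Falls through to the chain policy when no rule matches the flow.
    policy, policy_pkts, rules = parse_chain(text)
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if (r["in"] in ("*", in_if) and r["out"] in ("*", out_if)
                and r["prot"] in ("all", prot)
                and src in r["src"] and dst in r["dst"]
                and r["dport"] in (None, dport)):
            return r["target"], r["pkts"]
    return policy, policy_pkts

if __name__ == "__main__":
    # Wireless client to the instance address scanned in the post, MySQL port.
    print(evaluate(LISTING, "blue0", "green0", "tcp",
                   "10.1.12.10", "10.1.10.254", 3306))
```

A non-zero packet count on the matched ACCEPT rule means the router has seen and forwarded packets for that flow. The same call with the interfaces swapped, or with `udp` and port 53, falls through to the chain policy for the listing as posted, although the full chain may contain other rules.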