First, the Environment: Host A (192.168.1.242) is running instance A (192.168.1.176), Host B (192.168.1.56) running Instance B (192.168.1.50).
The user says Telnet from instance B to port 9000 on instance a, but on instance a through Netstat-an | The Remore IP that grep 9000 sees is not instance B, but the NIC IP (192.1638.1.56) of Host B. So I think it is possible to migrate instance A to Host B to solve the problem. But it's a pity that the answer is.
The environment at this time: Host B is running instances A and B.
So I started from iptables. It is found that there are several important chain rules on Host B:
ChainNova-network-snat(1references) pkts bytes target prot optinchOut source destination 312K 20M Nova-network-float-snat All--* *0.0.0.0/0 0.0.0.0/0 0 0RETURN All--* *192.168.1.60 0.0.0.0/0 2 -RETURN All--* *192.168.1.50 0.0.0.0/0 80764 5060K SNAT All--* * 192.168.1.32/27 0.0.0.0/0 to:192.168.1.56Chain Nova -postrouting-bottom(1references) pkts bytes target prot optinchOut source destination 312K 20M Nova-compute-snat All--* *0.0.0.0/0 0.0.0.0/0312K 20M Nova -network-snatAll--* *0.0.0.0/0 0.0.0.0/0231K 15M Nova-api-snat All--* *0.0.0.0/0 0.0.0.0/0Chain postrouting (Policy ACCEPT5Packets -bytes) pkts bytes Target prot optinchOut source destination 368K 23M Nova-compute-postrouting All--* *0.0.0.0/0 0.0.0.0/0368K 23M Nova-network-postrouting All--* *0.0.0.0/0 0.0.0.0/0312K 20M Nova-api-postrouting All--* *0.0.0.0/0 0.0.0.0/0312K 20M Nova -postrouting-bottomAll--* *0.0.0.0/0 0.0.0.0/0
The problem is obvious: the address in the 192.168.1.33--62 range translates the source address into 192.168.1.56 through the Snat action. So on instance B see 192.168.1.56 This address also explained the pass!
As it is unclear whether this rule has any practical effect, I use the following rules to manually insert them into effect:
2 192.168. 1.50/ -j RETURN
A iptables-related OpenStack row error