Troubleshooting & FAQ¶

This page contains common issues and solutions for ncloud (OpenStack) usage.

🐳 Docker Container Internet Access Issues¶

Problem Description

Docker containers cannot access the internet or experience connection timeouts and failures when trying to reach external services.

Quick Solution

Run this command on the Docker host to fix MTU issues:

bash sudo iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1400

🔍 Detailed Explanation¶

This command adds a firewall rule that intercepts new network connections being forwarded from your Docker containers. The rule automatically lowers the maximum packet size (MSS) to 1400 bytes, ensuring packets are small enough to pass through our network infrastructure without being dropped.

💾 Making the Change Persistent¶

To ensure this iptables rule survives system reboots on Ubuntu:

=== "Option 1: Using iptables-persistent"

```bash
sudo apt-get update
sudo apt-get install iptables-persistent
sudo netfilter-persistent save
```

=== "Option 2: Manual save"

```bash
sudo iptables-save > /etc/iptables/rules.v4
```

Result

The rule will be automatically restored on system boot.

🔒 Instance Port Access Issues¶

Problem Description

Users cannot reach their instance on a specific port.

🔧 Troubleshooting Workflow¶

Step 1: Check Security Groups¶

Security Group Verification

✅ Verify that the security group rules allow traffic on the required port
✅ Ensure the Remote IP Prefix is set to 0.0.0.0/0 or to the correct source IP range

Step 2: Manual Connectivity Test¶

Test Connection

If security groups appear correct, test connectivity manually:

bash telnet <instance-ip> <port>

Step 3: Escalate to Security Team¶

Final Step

If the above steps don't resolve the issue, contact the data management team at datamanagement@bsc.es to escalate to the security team for central firewall verification.

🌐 Instance Internet Access Issues¶

Important Note

Remember that ping (ICMP) is not allowed by default in our environment.

Problem Description

Users report no internet access from their instances.

🔧 Troubleshooting Workflow¶

Step 1: Determine if it's Internet or DNS Problem¶

DNS vs Internet Test

On your local machine, resolve the hostname: bash host <hostname>

On the instance, try accessing the resolved IP directly: bash curl <resolved-ip>

Result: If the IP works but the hostname doesn't, it's a DNS configuration issue.

Step 2: Test from Multiple Sources¶

Isolation Test

If direct IP access doesn't work, test connectivity from other machines to isolate the problem.

Step 3: Escalate to Security Team¶

Final Step

As a last resort, contact the data management team at datamanagement@bsc.es to escalate to the security team for network policies and firewall rules verification.

📞 Getting Help¶

If you've tried all troubleshooting steps and still need assistance:

Contact the data management team at datamanagement@bsc.es for firewall-related issues and security team escalation
Submit a support ticket with detailed information about:
The problem you're experiencing
Steps you've already tried
Error messages or logs
Instance details (IP, security groups, etc.)