[kolla] neutron-l3-agent namespace NAT table not working?

Slawek Kaplonski skaplons at redhat.com
Sat Jan 4 09:46:12 UTC 2020


Hi,

Is this qrouter namespace created with all those rules in container or in the host directly?
Do You have qr-xxx and qg-xxx ports from br-int in this qrouter namespace?

> On 4 Jan 2020, at 05:44, Jon Masters <jcm at jonmasters.org> wrote:
> 
> Hi there,
> 
> I've got a weird problem with the neutron-l3-agent container on my deployment. It comes up, sets up the iptables rules in the qrouter namespace (and I can see these using "ip netns...") but traffic isn't having DNAT or SNAT applied. What's most strange is that manually adding a LOG jump target to the iptables nat PRE/POSTROUTING chains (after enabling nf logging sent to the host kernel, confirmed that works) doesn't result in any log entries. It's as if the nat table isn't being applied at all for any packets traversing the qrouter namespace. This is driving me crazy :)
> 
> Anyone got some quick suggestions? (assume I tried the obvious stuff).
> 
> Jon.
> 
> -- 
> Computer Architect

— 
Slawek Kaplonski
Senior software engineer
Red Hat




More information about the openstack-discuss mailing list