[Openstack-operators] Help on Iptables in Openstack
anjaneya2 at gmail.com
Tue Apr 1 06:04:34 UTC 2014
Hi Joseph, Razique,
Thank you for response. I tried adding security-groups from dashboard, but
it doesnt help. I was trying to spoof a VM instance with spoof source MAC
and spoof source IP, but the packet is not reaching br-int. If I give
proper source MAC and proper source IP, the packet reaches br-int and
things work normal. I observed Openstack stops spoof packets which are
not originating from VM instance before reaching br-int (at tap interface).
I need help to send a spoof packet from VM. Is there any way to disable
Also adding security group rules using command line and using dash-board
are they same?
On Sat, Mar 29, 2014 at 3:58 AM, Joseph Breu <breu at breu.org> wrote:
> iptables changes are made by neutron and a variety of other services and
> those should not be modified by hand. They will be re-created when certain
> actions are triggered in OpenStack.
> If you are trying to change the iptables rules for a launched instance
> that should be done with security groups and not by direct manipulation of
> the iptables rules.
> Maybe you could describe that it is you are trying to do and we can
> provide guidance?
> Joseph Breu
> Deployment Engineer
> Rackspace Private Cloud
> On Mar 28, 2014, at 3:10 PM, shiva m <anjaneya2 at gmail.com> wrote:
> Hi Razique,
> Thank you for your reply. You mean iptables-save as configuration? So, if
> i edit a chain in iptables-save and re-store back, does added rule gets
> I did a iptables -F on a chain and all iptable rules for that neutron
> chain got deleted. But the moment I restart VM or launch a new VM, deleted
> chain rules got reloaded into iptables.
> OpenStack-operators mailing list
> OpenStack-operators at lists.openstack.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OpenStack-operators