[Openstack-operators] Juno neutron - Tenant Network with multiple routers, how to nat/filter ?

Saverio Proto zioproto at gmail.com
Fri Nov 27 19:28:31 UTC 2015


Hello,

I have a cloud user that is trying to implement the following topology

ext_net <|R1|>  internal_net  <|R2|>  dbservers_network

where
- internal_net: 10.0.2.0/24
- dbservers_net: 10.0.3.0/24

Now according to the documentation:
http://docs.openstack.org/admin-guide-cloud/networking_adv-features.html

My user was able to set up the necessary static routes on R1 to reach
the dbservers_network and on R2 to have a default via R1.

However, it seems impossible to manipulate NAT rules on R1 and R2.
R1, for example, will SNAT traffic only for source IPs in 10.0.2.0,
making it impossible for hosts in dbservers_network to access the
Internet.

To see the configuration, as an operator I can use iptables commands
in the namespaces on the network node. But what can users do?

So far, I have ended up with the feeling that it is not possible to have
two-hop topologies where hosts two hops away from the gateway can exchange
traffic with the outside Internet. Is this really the case?

Thanks!

Saverio
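
An added example, not part of the original post: a small operator-side check that reads the output of `iptables -t nat -S` taken inside a router namespace and reports which tenant subnets no source-NAT rule covers. The sample rule dump, the chain name `example-snat` and the address 203.0.113.10 are constructed for illustration; only the two subnets come from the post.

```python
import ipaddress
import shlex

# Constructed sample of `iptables -t nat -S` output from R1's namespace;
# chain name and --to-source address are illustrative, not from the post.
SAMPLE_R1_NAT = """\
-P PREROUTING ACCEPT
-P POSTROUTING ACCEPT
-N example-snat
-A POSTROUTING -j example-snat
-A example-snat -s 10.0.2.0/24 -j SNAT --to-source 203.0.113.10
"""

NAT_TARGETS = {"SNAT", "MASQUERADE"}

def snat_sources(rules_text):
    """Return the source networks matched by source-NAT rules."""
    nets = []
    for line in rules_text.splitlines():
        tok = shlex.split(line)
        if not tok or tok[0] != "-A" or "-j" not in tok:
            continue
        j = tok.index("-j")
        if j + 1 >= len(tok) or tok[j + 1] not in NAT_TARGETS:
            continue
        if "-s" in tok:
            i = tok.index("-s")
            if i > 0 and tok[i - 1] == "!":
                continue  # negated match: do not count it as coverage
            nets.append(ipaddress.ip_network(tok[i + 1], strict=False))
        else:
            # A NAT rule without -s applies to every source address.
            nets.append(ipaddress.ip_network("0.0.0.0/0"))
    return nets

def uncovered(subnets, rules_text):
    """Return the CIDRs from `subnets` that no source-NAT rule covers."""
    covered = snat_sources(rules_text)
    missing = []
    for cidr in subnets:
        net = ipaddress.ip_network(cidr)
        if not any(net.subnet_of(c) for c in covered):
            missing.append(cidr)
    return missing

if __name__ == "__main__":
    tenant = {"internal_net": "10.0.2.0/24", "dbservers_net": "10.0.3.0/24"}
    for cidr in uncovered(tenant.values(), SAMPLE_R1_NAT):
        print("no SNAT rule covers", cidr)
```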


