[Openstack] How to disable anti-spoofing rules on router?
Артем Плакунов
aplakunov at arccn.ru
Fri Oct 7 17:59:18 UTC 2016
Hello everyone.
I found out that openstack router drops packets going from it's internal
network into the Internet if the source IP address in the packet does
not belong to router's internal subnet.
I tried to disable security groups globally and set
port_security_enabled to False on the router's port but this did not help.
tcpdump on router's internal interface shows packets arriving fine, but
nothing goes outside. Packets are probably dropped somewhere within
router's iptables rules but I couldn't find exact rule that does this.
Is there a way around this behavior? Or maybe someone can direct me to
the exact iptables rule?
More information about the Openstack
mailing list