<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 2013-01-09 23:05, Joe Warren-Meeks
wrote:<br>
</div>
<blockquote
cite="mid:CABdqt2LzPBLYmgzEg3ML8Ds9c9qjLW2f=w5S8dLncyG-3Bb3-g@mail.gmail.com"
type="cite">
<div dir="ltr">Hi Jian,
<div><br>
</div>
<div>Firstly, thanks for your time helping me with this, it is
much appreciated.</div>
<div><br>
</div>
<div style="">I've probably misunderstood your answer, but
currently whenever a new instance is booted or a floating IP
is added or removed, the SNAT rule I want removed comes back.
I'd like to stop that rule ever coming back. </div>
<div style=""><br>
</div>
<div style="">I'm about to dig into the Python to try to find
where it gets reset, but any pointers you could offer would be
greatly appreciated!</div>
<div style=""><br>
</div>
<div style=""> -- joe.</div>
<div style="">
<br>
</div>
</div>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">On 9 January 2013 14:34, Jian Wen <span
dir="ltr">&lt;<a moz-do-not-send="true"
href="mailto:jian.wen@canonical.com" target="_blank">jian.wen@canonical.com</a>&gt;</span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div>
<div class="h5">
<div>On 2013-01-09 21:58, Joe Warren-Meeks wrote:<br>
</div>
</div>
</div>
<blockquote type="cite">
<div>
<div class="h5">
<div dir="ltr">Hi guys,
<div><br>
</div>
<div>I've managed to disable NAT by deleting the
correct rule. This means all my instances are
properly routable now, which is exactly what I
want.</div>
<div><br>
</div>
<div>To do this, I'm using </div>
<div><br>
</div>
<div>iptables -vnL -t nat --line-numbers </div>
<div><br>
</div>
<div>to get the rule number from the
nova-network-snat chain and deleting it using:</div>
<div><br>
</div>
<div> iptables -t nat -D nova-network-snat
&lt;num&gt;<br>
</div>
<div><br>
</div>
<div>My question is when and where are those SNAT
rules created, so that I can prevent them from
being set up in the first place.</div>
<div> <br>
</div>
<div>Kind regards</div>
<div><br>
</div>
<div> -- joe.</div>
<div><br>
</div>
</div>
<br>
<fieldset></fieldset>
<br>
</div>
</div>
<pre>_______________________________________________
Mailing list: <a moz-do-not-send="true" href="https://launchpad.net/%7Eopenstack" target="_blank">https://launchpad.net/~openstack</a>
Post to : <a moz-do-not-send="true" href="mailto:openstack@lists.launchpad.net" target="_blank">openstack@lists.launchpad.net</a>
Unsubscribe : <a moz-do-not-send="true" href="https://launchpad.net/%7Eopenstack" target="_blank">https://launchpad.net/~openstack</a>
More help : <a moz-do-not-send="true" href="https://help.launchpad.net/ListHelp" target="_blank">https://help.launchpad.net/ListHelp</a>
</pre>
</blockquote>
1. Delete all floating IPs.<br>
Allocating a floating IP to an instance will create a SNAT
rule and 2 DNAT rules. <br>
2. iptables -t nat -I nova-network-float-snat -j RETURN<br>
avoid the shared SNAT rule<span class="HOEnZb"><font
color="#888888"><br>
<br>
</font></span></div>
</blockquote>
</div>
</div>
</blockquote>
-I inserts the rule as the first rule in the nova-network-float-snat
chain.<br>
-j RETURN means stop traversing this chain and resume at the next
rule in the previous (calling) chain.<br>
<br>
iptables -t nat -I nova-network-snat -j RETURN<br>
No need to exec `iptables -t nat -I nova-network-float-snat -j
RETURN`, sorry for the quick reply.<br>
After this command, the SNAT rule is created but will not be used at all.
<br>
The result of ping 8.8.8.8 will be 100% packet loss.<br>
<br>
You don't have to touch the code. <br>
nova/nova/network/linux_net.py<br>
nova/nova/network/l3.py
<blockquote
cite="mid:CABdqt2LzPBLYmgzEg3ML8Ds9c9qjLW2f=w5S8dLncyG-3Bb3-g@mail.gmail.com"
type="cite">
<div class="gmail_extra">
<div class="gmail_quote">
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"><span class="HOEnZb"><font
color="#888888">
<pre cols="72">--
Jian Wen
Software Engineer, Services and Support Team
Canonical, Ltd</pre>
</font></span></div>
<br>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
Jian Wen
Software Engineer, Services and Support Team
Canonical, Ltd</pre>
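<p>Added example, not part of the thread and not code from nova: Joe reports that the NAT rules are re-created whenever an instance boots or a floating IP changes, so this script reads iptables-save output, reports whether -j RETURN is still the first rule in nova-network-snat, and can re-insert it. The function names, the sample ruleset and its addresses are constructed for illustration, and iptables-save is assumed to run without -c counters.</p>

```shell
#!/bin/sh
# Added example, not code from the thread or from nova.
CHAIN=nova-network-snat

# Read `iptables-save` text on stdin (no -c counters assumed) and print:
#   guarded    first rule of the chain is a bare "-j RETURN"
#   unguarded  chain has rules, but another rule comes first
#   empty      chain is declared but holds no rules
#   missing    chain is not declared in the nat table
snat_guard_state() {
    awk -v chain="$CHAIN" '
        /^\*/                { in_nat = ($1 == "*nat"); next }  # table header
        !in_nat              { next }
        $1 == (":" chain)    { declared = 1; next }
        $1 == "-A" && $2 == chain && !seen {
            seen = 1
            guard = (NF == 4 && $3 == "-j" && $4 == "RETURN")
            first = guard ? "guarded" : "unguarded"
        }
        END {
            if (!declared)  print "missing"
            else if (!seen) print "empty"
            else            print first
        }'
}

# Re-insert the guard on a live host when it is not first (needs root).
ensure_snat_guard() {
    case "$(iptables-save -t nat | snat_guard_state)" in
        guarded)         return 0 ;;
        unguarded|empty) iptables -t nat -I "$CHAIN" 1 -j RETURN ;;
        *)               echo "chain $CHAIN not found" >&2; return 1 ;;
    esac
}

# Constructed sample ruleset; pass "guarded" to include the RETURN rule.
sample_ruleset() {
    printf '%s\n' '*filter' ':FORWARD ACCEPT [0:0]' 'COMMIT' \
        '*nat' ':POSTROUTING ACCEPT [0:0]' ":$CHAIN - [0:0]"
    if [ "${1:-}" = guarded ]; then
        printf '%s\n' "-A $CHAIN -j RETURN"
    fi
    printf '%s\n' "-A $CHAIN -j nova-network-float-snat" \
        "-A $CHAIN -s 10.0.0.0/24 -j SNAT --to-source 192.0.2.10" 'COMMIT'
}

echo "without guard: $(sample_ruleset | snat_guard_state)"
echo "with guard:    $(sample_ruleset guarded | snat_guard_state)"
```

<p>ensure_snat_guard is only defined here; calling it on a nova-network host changes the live nat table, so run it as root and only where instances are meant to be reached without SNAT.</p>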
</body>
</html>