<html><head><meta http-equiv="Content-Type" content="text/html charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">agree. You may have to look at FWaaS. <div class=""><br class=""></div><div class="">Remo <br class=""><div style=""><blockquote type="cite" class=""><div class="">On Aug 13, 2015, at 9:07 AM, Sridhar Gaddam <<a href="mailto:sgaddam@redhat.com" class="">sgaddam@redhat.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class="">
<meta content="text/html; charset=utf-8" http-equiv="Content-Type" class="">
<div text="#000000" bgcolor="#FFFFFF" class="">
AFAIK yes, your OpenStack setup would work fine. <br class="">
But the Security Group (including anti-spoofing) rules will not have
any effect to the traffic that is generated by the VMs.<br class="">
<br class="">
<div class="moz-cite-prefix">On 08/13/2015 04:49 PM, FASEELA.ASHRAF
wrote:<br class="">
</div>
<blockquote cite="mid:CAMLVTo+P-SZw1YjO5GmK_uKdXoHvdnmmivhznj_0rYHZTZtgtA@mail.gmail.com" type="cite" class="">
<div dir="ltr" class="">Is it necessary only for implementing security
group policy? Even if I don't set this, the open stack
installation and a fully functional openstack environment should
work, isn't it?<br class="">
</div>
<div class="gmail_extra"><br class="">
<div class="gmail_quote">On Thu, Aug 13, 2015 at 2:01 PM,
Sridhar Gaddam <span dir="ltr" class=""><<a moz-do-not-send="true" href="mailto:sgaddam@redhat.com" target="_blank" class="">sgaddam@redhat.com</a>></span>
wrote:<br class="">
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF" class=""> Neutron implements
Security Groups by applying iptable rules on Linux bridge.
So, we need these parameters to be set.<br class="">
Please see [1] for details.<br class="">
[1] - <a moz-do-not-send="true" href="https://bugs.launchpad.net/openstack-manuals/+bug/1359691" target="_blank" class="">https://bugs.launchpad.net/openstack-manuals/+bug/1359691</a>
<div class="">
<div class="h5"><br class="">
<br class="">
On 08/13/2015 01:50 PM, FASEELA.ASHRAF wrote:<br class="">
<blockquote type="cite" class="">
<div dir="ltr" class="">I installed the package bridge-utils
and the error remains the same. In other versions
of Openstack like Juno and kilo these lines:<br class="">
<br class="">
<div class="">
<div class="gmail_extra">net.bridge.bridge-nf-call-arptables=1<br class="">
net.bridge.bridge-nf-call-iptables=1<br class="">
net.bridge.bridge-nf-call-ip6tables=1<br class="">
<br class="">
</div>
<div class="gmail_extra">are not used in the
sysctl file. So are they mandatory ?<br class="">
<br class="">
<br class="">
<br class="">
</div>
<div class="gmail_extra">
<div class="gmail_quote">On Thu, Aug 13, 2015
at 1:21 PM, Andreas Scheuring <span dir="ltr" class=""><<a moz-do-not-send="true" href="mailto:scheuran@linux.vnet.ibm.com" target="_blank" class="">scheuran@linux.vnet.ibm.com</a>></span>
wrote:<br class="">
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px
#ccc solid;padding-left:1ex">Can you try
the package bridge-utils?<br class="">
<div class="">
<div class=""><br class="">
On Do, 2015-08-13 at 11:15 +0530,
FASEELA.ASHRAF wrote:<br class="">
> Hi ,<br class="">
><br class="">
> I am trying to install a 3 node
architecture of Openstack icehouse<br class="">
> version on my Ubuntu 14.04LTS . I
would like to know if it is<br class="">
> necessary to add the following
lines to sysctl.conf in network node.<br class="">
>
net.bridge.bridge-nf-call-arptables=1<br class="">
>
net.bridge.bridge-nf-call-iptables=1<br class="">
>
net.bridge.bridge-nf-call-ip6tables=1<br class="">
><br class="">
> When running the command sysctl
-p following errors are shown :<br class="">
> sysctl: cannot stat
/proc/sys/net/bridge/bridge-nf-call-arptables:
No such file or directory<br class="">
> sysctl: cannot stat
/proc/sys/net/bridge/bridge-nf-call-iptables:
No such file or directory<br class="">
> sysctl: cannot stat
/proc/sys/net/bridge/bridge-nf-call-ip6tables:
No such file or directory<br class="">
><br class="">
> Am I missing some package in my
system?<br class="">
><br class="">
><br class="">
><br class="">
</div>
</div>
>
_______________________________________________<br class="">
> Mailing list: <a moz-do-not-send="true" href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" rel="noreferrer" target="_blank" class="">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br class="">
> Post to : <a moz-do-not-send="true" href="mailto:openstack@lists.openstack.org" target="_blank" class="">openstack@lists.openstack.org</a><br class="">
> Unsubscribe : <a moz-do-not-send="true" href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" rel="noreferrer" target="_blank" class="">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br class="">
<span class=""><font color="#888888" class=""><br class="">
--<br class="">
Andreas<br class="">
(IRC: scheuran)<br class="">
<br class="">
<br class="">
</font></span></blockquote>
</div>
<br class="">
</div>
</div>
</div>
<br class="">
<fieldset class=""></fieldset>
<br class="">
<pre class="">_______________________________________________
Mailing list: <a moz-do-not-send="true" href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" target="_blank" class="">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a>
Post to : <a moz-do-not-send="true" href="mailto:openstack@lists.openstack.org" target="_blank" class="">openstack@lists.openstack.org</a>
Unsubscribe : <a moz-do-not-send="true" href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" target="_blank" class="">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a>
</pre>
</blockquote>
<br class="">
</div>
</div>
</div>
</blockquote>
</div>
<br class="">
</div>
</blockquote>
<br class="">
!DSPAM:1,55ccc2d8319225393376032!
</div>
_______________________________________________<br class="">Mailing list: <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" class="">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br class="">Post to : <a href="mailto:openstack@lists.openstack.org" class="">openstack@lists.openstack.org</a><br class="">Unsubscribe : <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" class="">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br class=""><br class=""><br class="">!DSPAM:1,55ccc2d8319225393376032!<br class=""></div></blockquote></div><br class=""></div></body></html>