Hi, the security groups driver in Neutron is not doing any "magic" with iptables. Everything that is done there is implemented by iptables rules. So I think You should turn on security groups again and then dump all iptables rules, e.g. with the "iptables-save" command, and check what is blocking Your packets. You can also use the "iptables -nvL" command to display the number of packets going through each of the rules - then You can easily find where Your packets are dropped if You don't have a lot of different traffic on this host :)
Message written by 陈炤 <qishiyexu2@126.com> on 25.11.2018, at 08:00:
Hi,
I am building an OpenStack all-in-one environment on a CentOS7.4 machine. For some reason I have only one network interface (eth0) and one IP address, so I created a Linux bridge (br0), and forwarded data to eth0 using this iptables command:
iptables -t nat -A POSTROUTING -s {bridge virtual ip} -j SNAT --to {eth0 ip}
But it does not seem to work.
When I ping 8.8.8.8 from br0 and run tcpdump, I can see that data can be forwarded to eth0 and sent to 8.8.8.8, but when data is sent back to eth0, it cannot be forwarded to br0.
IP forwarding, net.bridge.bridge-nf-call-iptables and net.bridge.bridge-nf-call-ip6tables are set to 1.
If I turn off the security group by setting securitygroup = false, this rule works fine, but if I use iptables -F instead, the rule does not work. Does the securitygroup have some magic to trap iptables?
BR
Don
— Slawek Kaplonski Senior software engineer Red Hat
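
The counter check suggested in the reply above, as an added example that is not part of the original thread: a small filter that reads `iptables -nvL` output and lists only the DROP/REJECT rules and DROP chain policies that have actually matched packets. The function names, the chain name `example-sg-chain` and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: list DROP/REJECT rules (and DROP chain policies) that have
# matched at least one packet, reading `iptables -nvL` output on stdin.
hit_drops() {
    awk '
        $1 == "Chain" {
            chain = $2
            # Built-in chains print "(policy DROP 7 packets, ...)".
            if ($3 == "(policy" && $4 == "DROP" && $5 != "0")
                print chain, "policy", $5
            next
        }
        # Skip the column header and blank lines.
        $1 == "pkts" || NF == 0 { next }
        # Counters may be abbreviated (12K, 3M) unless -x is given,
        # so compare against the literal "0" instead of doing arithmetic.
        ($3 == "DROP" || $3 == "REJECT") && $1 != "0" {
            print chain, $3, $1
        }
    '
}

# Constructed sample in `iptables -nvL` format (chain names are illustrative).
sample_output() {
    cat <<'EOF'
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
 1204  98K ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP 7 packets, 588 bytes)
 pkts bytes target     prot opt in     out     source               destination
   61  5124 example-sg-chain  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain example-sg-chain (1 references)
 pkts bytes target     prot opt in     out     source               destination
   54  4536 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            state INVALID
   12K 1008K DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0
EOF
}

# On a live host: iptables -nvL | hit_drops   (repeat with -t nat, -t raw)
sample_output | hit_drops
```

Running the ping while comparing two snapshots of this output shows which counter increases, which is the rule or policy dropping the return traffic.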