[openstack-dev] [Neutron] How to set port_filter in port binding?
Alexandre Levine
alevine at cloudscaling.com
Thu Sep 25 20:56:24 UTC 2014
Hi All,
I'm looking for a way to set port_filter flag to False for port binding.
Is there a way to do this in IceHouse or in current Juno code? I use
devstack with the default ML2 plugin and configuration.
According to this guide
(http://docs.openstack.org/api/openstack-network/2.0/content/binding_ext_ports.html)
it should be done via binding:profile but it gets only recorded in the
dictionary of binding:profile and doesn't get reflected in vif_details
as supposed to.
I tried to find any code in Neutron that can potentially do this
transferring from incoming binding:profile into binding:vif_details and
found none.
I'd be very grateful if anybody can point me in the right direction.
And by the by the reason I'm trying to do this is because I want to use
one instance as NAT for another one in private subnet. As a result of
ping 8.8.8.8 from private instance to NAT instance the reply gets
Dropped by the security rule in iptables on TAP interface of NAT
instance because the source is different from the NAT instance IP. So I
suppose that port_filter is responsible for this behavior and will
remove this restriction in iptables.
Best regards,
Alex Levine
More information about the OpenStack-dev
mailing list