[Openstack-operators] Help on Iptables in Openstack

Jesse Pretorius jesse.pretorius at gmail.com
Thu Apr 17 07:31:25 UTC 2014

On 14 April 2014 17:47, shiva m <anjaneya2 at gmail.com> wrote:

> I have figured  some  way to  allow  ip  spoofing  by using Q_USE_SECGROUP
> = false and changing nova-base.xml  file.  But I am  still struggling to
> send spoof packets  to my router  VM. I  see my packet  is getting blocked
> at qbr bridge  between OVS and  VM. Could you please help me, how do I
> prevent these  ebtable  rules at  qbr bridge to get  applied to my packets
> or how do i stop  these  ebtables applied  at qbr (bridge).

By removing security groups I think you're doing yourself a major
disservice, especially considering that it's a global setting.

I just picked this up this morning:

Perhaps that helps? It's a formal, supported, way to allow alternative MAC
and IP Addresses to communicate on a port.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20140417/182299ea/attachment.html>

More information about the OpenStack-operators mailing list