On 14 April 2014 17:47, shiva m <anjaneya2 at gmail.com> wrote: > I have figured some way to allow ip spoofing by using Q_USE_SECGROUP > = false and changing nova-base.xml file. But I am still struggling to > send spoof packets to my router VM. I see my packet is getting blocked > at qbr bridge between OVS and VM. Could you please help me, how do I > prevent these ebtable rules at qbr bridge to get applied to my packets > or how do i stop these ebtables applied at qbr (bridge). > By removing security groups I think you're doing yourself a major disservice, especially considering that it's a global setting. I just picked this up this morning: http://docs.openstack.org/admin-guide-cloud/content/section_allowed_address_pairs.html Perhaps that helps? It's a formal, supported, way to allow alternative MAC and IP Addresses to communicate on a port. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20140417/182299ea/attachment.html>