[Openstack] Problem using pfSense VM inside a tenant

Salvo Rapisarda salvorapi at yahoo.it
Tue Apr 1 18:41:23 UTC 2014


Hi,

I have done an experiment to create an image of pfSense 
(www.pfsense.org) that is used as a router in my tenant.


I've installed the "virtio" driver on FreeBSD 8.3 for networking & disk 
support and the image works perfectly.

I have a "demo" tenant with this network topology:

* WAN: 192.168.100.0/24 - DHCP Enabled - Gateway 192.168.100.1
* LAN: 10.0.0.0/24 - DHCP Enabled - No Gateway
* Router with 192.168.100.0/24 interface and connected to ext_net

Inside this tenant there are two VMs:

1) pfSense -  An instance of pfSense that I use as a router with two 
network cards (WAN: 192.168.100.2 & LAN: 10.0.0.2)
2) cirros  - An instance of Cirros connected with one network card to 
LAN 10.0.0.4

In cirros I've changed the default route to point to the 10.0.0.2 address so 
pfSense can route packets to the WAN for me.

But routing doesn't work.

After a bit of testing, I realized that it's a problem with a DROP 
iptables rule, generated by the agent on the hypervisor where the VM runs, to 
protect against spoofing attacks.

Is it possible to deactivate this rule for a single port with the Neutron API?

Thanks,

Salvo.





-- 
Salvo
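
The symptom described in the message above, as an added example that is not part of the original post: a simplified model of a per-port source check, run over the addresses from the post, showing which hops a forwarding VM trips. It assumes the rule matches each frame against the port's own MAC and fixed IP; the MAC addresses, the external host 203.0.113.10 and the `extra_src_cidrs` field are constructed for illustration and are not Neutron attributes.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Port:
    """One VM port as the hypervisor-side source check sees it (simplified model)."""
    name: str
    mac: str
    fixed_ip: str
    # Hypothetical per-port exception list; a modelling aid, not a Neutron attribute.
    extra_src_cidrs: list = field(default_factory=list)

def egress_verdict(port, src_mac, src_ip):
    """Verdict for a frame the VM sends out through `port`."""
    if src_mac.lower() != port.mac.lower():
        return "DROP"
    allowed = [f"{port.fixed_ip}/32", *port.extra_src_cidrs]
    src = ipaddress.ip_address(src_ip)
    ok = any(src in ipaddress.ip_network(c) for c in allowed)
    return "ACCEPT" if ok else "DROP"

# Addresses from the post; MACs and the external host are constructed.
CIRROS = Port("cirros-lan", "fa:16:3e:00:00:04", "10.0.0.4")
PF_LAN = Port("pfsense-lan", "fa:16:3e:00:00:02", "10.0.0.2")
PF_WAN = Port("pfsense-wan", "fa:16:3e:00:01:02", "192.168.100.2")
EXTERNAL = "203.0.113.10"

def trace(pf_lan=PF_LAN, pf_wan=PF_WAN):
    """Follow one request and its reply through every port the VMs transmit on."""
    return {
        # cirros sends with its own MAC and IP to its default gateway 10.0.0.2
        "cirros -> pfSense": egress_verdict(CIRROS, CIRROS.mac, CIRROS.fixed_ip),
        # pfSense forwards without NAT: source IP is still cirros's
        "pfSense WAN out (routed)": egress_verdict(pf_wan, pf_wan.mac, CIRROS.fixed_ip),
        # pfSense forwards with source NAT to its WAN address
        "pfSense WAN out (NAT)": egress_verdict(pf_wan, pf_wan.mac, pf_wan.fixed_ip),
        # reply handed back to cirros: source IP is the external host
        "pfSense LAN out (reply)": egress_verdict(pf_lan, pf_lan.mac, EXTERNAL),
    }

if __name__ == "__main__":
    for hop, verdict in trace().items():
        print(f"{hop:28} {verdict}")
    # The reply can carry any external source, so an exception on the LAN port
    # has to be as wide as 0.0.0.0/0 before forwarding works.
    wide = Port(PF_LAN.name, PF_LAN.mac, PF_LAN.fixed_ip, ["0.0.0.0/0"])
    print(trace(pf_lan=wide)["pfSense LAN out (reply)"])
```

In this model the reply leg on the router's LAN port is dropped even when pfSense NATs on the WAN side, so any exception would have to be scoped to that port alone and would remove the source check for it entirely.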



