[Openstack] Receive all traffic in my tenant in a specific instance

Alioune balioune3 at gmail.com
Wed Aug 12 15:02:51 UTC 2015

Hi Dear All,

I am running instances belonging to the same tenant and I would like to
read with tcpdump all traffic going through the tenant from one specific

I am trying to modify neutron security groups  chain
neutron-ofagent--sg-chain in order to do that.

I have run iptables -L neutron-ofagent--s3287af4f-b --line-numbers command,
which has the following output ( is the address of instance on
which I would like to analyse traffic)

Chain neutron-ofagent--s3287af4f-b (1 references)

num target prot opt source destination

1 RETURN all -- anywhere MAC FA:16:3E:AA:94:F0 /* Allow traffic
from defined IP/MAC pairs. */

2 DROP all -- anywhere anywhere /* Drop traffic without an IP/MAC allow
rule. */

Someone have suggestion about what rule I must add to allow the instance
attached to that port to receive all packets in its tenant ?

I am using Juno version of Openstack.

Best Regards
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20150812/c81adcd6/attachment.html>

More information about the Openstack mailing list