Open Stack

On 02/17/2016 6:02 am, Tomas Vondra wrote:
> Andre Goree <andre at ...> writes:
> 
>> I am trying to determine how exactly I can manipulate traffic from a
>> _guest's_ NIC using iptables on the _host_.  On the host, there is a
>> bridged virtual NIC that corresponds to the guest's NIC.  That 
>> interface
>> does not have an IP setup on it on the host, however within the vm
>> itself the IP is configured and everything works as expected.
> 
> Hi!
> No IP on the interface does not prevent you from using iptables. The 
> kernel
> filters any packets it sees. From what I remember from the OpenStack
> developers, you can't use iptables with OpenVSwitch, but attaching 
> rules to
> a linux brcrl bridge should be perfectly fine.
> Tomas
> 
> 

Ugh, from what I've seen the packets from guest's interface do not even 
reach the host's iptables.  I'm going to go through and setup the lab 
multi-node environment again and see if I can drill down from there.  I 
must be missing something.  From what I've seen, even logging everything 
possible iptables (on the host) is not seeing any traffic exiting the 
guest's interface.  I'll triple-check how exactly I'm determining that 
too, given your response.  Thanks Tomas!


-- 
Andre Goree
-=-=-=-=-=-
Email     - andre at drenet.net
Website   - http://www.drenet.net
PGP key   - http://www.drenet.net/pubkey.txt
-=-=-=-=-=-