Hi, check prevent_arp_spoofing and set it to False, [1] BR, Konstantin [1] http://docs.openstack.org/mitaka/config-reference/networking/networking_options_reference.html > -----Original Message----- > From: Артем Плакунов [mailto:aplakunov at arccn.ru] > Sent: Friday, October 07, 2016 7:59 PM > To: openstack at lists.openstack.org > Subject: [Openstack] How to disable anti-spoofing rules on router? > > Hello everyone. > I found out that openstack router drops packets going from it's internal network > into the Internet if the source IP address in the packet does not belong to > router's internal subnet. > > I tried to disable security groups globally and set port_security_enabled to False > on the router's port but this did not help. > tcpdump on router's internal interface shows packets arriving fine, but nothing > goes outside. Packets are probably dropped somewhere within router's iptables > rules but I couldn't find exact rule that does this. > > Is there a way around this behavior? Or maybe someone can direct me to the > exact iptables rule? > > _______________________________________________ > Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > Post to : openstack at lists.openstack.org > Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack