Sorry I forgot to mention that I've already changed this. This option is in openvswitch_agent.ini right? It helps for VMs, but not routers 09.10.2016 13:33, Kostiantyn.Volenbovskyi at swisscom.com пишет: > Hi, > > check prevent_arp_spoofing and set it to False, [1] > > BR, > Konstantin > [1] http://docs.openstack.org/mitaka/config-reference/networking/networking_options_reference.html > > >> -----Original Message----- >> From: Артем Плакунов [mailto:aplakunov at arccn.ru] >> Sent: Friday, October 07, 2016 7:59 PM >> To: openstack at lists.openstack.org >> Subject: [Openstack] How to disable anti-spoofing rules on router? >> >> Hello everyone. >> I found out that openstack router drops packets going from it's internal network >> into the Internet if the source IP address in the packet does not belong to >> router's internal subnet. >> >> I tried to disable security groups globally and set port_security_enabled to False >> on the router's port but this did not help. >> tcpdump on router's internal interface shows packets arriving fine, but nothing >> goes outside. Packets are probably dropped somewhere within router's iptables >> rules but I couldn't find exact rule that does this. >> >> Is there a way around this behavior? Or maybe someone can direct me to the >> exact iptables rule? >> >> _______________________________________________ >> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack >> Post to : openstack at lists.openstack.org >> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack