Yes this is openstack-ansible deployment tool which set them up. I am wondering where are these rules saved? I believe openstack-ansible use LXC container to deploy services so must be part of LXC startup scripts.
I have checked there is no firewalld and iptables service running on system.. You think i should get rid of all CHEKSUM option in iptables rules? Am i right? On Sun, Aug 5, 2018 at 4:02 PM, Florian Westphal <f...@strlen.de> wrote: > Satish Patel <satish....@gmail.com> wrote: >> > [84166:59495417] -A POSTROUTING -p tcp -m tcp --sport 80 -j CHECKSUM >> > --checksum-fill >> > [68739:5153476] -A POSTROUTING -p tcp -m tcp --sport 8000 -j CHECKSUM >> > --checksum-fill > > These rules make no sense to me, and are also source of your backtrace. > Who set this up? > > If this is coming from openstack, I suggest asking openstack developers > WTH this is supposed to do. > >> > [755:275452] -A POSTROUTING -s 10.0.3.0/24 -o lxcbr0 -p udp -m udp >> > --dport 68 -j CHECKSUM --checksum-fill > > This was needed to work around dhcpd issues w. checksum offloading but I > guess that DCHCP will work fine without this rule too nowadays. > > So I suggest you simply get rid of these rules.
