I agree with Brian. Let Neutron do all the work and now those rules are in the namespace. Therefore I would suggest to try and let all the services do their job and see if that works.

Sent from iPhone

> On 04 Feb 2016, at 06:56, Brian Haley <[email protected]> wrote:
>
>> On 02/04/2016 07:05 AM, Kamen Tarlov wrote:
>> Hello,
>>
>> We have a single node installation with RDO Kilo release. Network configuration
>> consists of 2 private networks and one of them is floating. Networks are routed
>> just inside the node. The problem I'm facing is when I try to configure the
>> DNAT rules to reroute the traffic/ports to VM. Initially the traffic to VM works
>> fine until neutron reorders the rules on top:
>>
>> Chain PREROUTING (policy ACCEPT)
>> target prot opt source destination
>> neutron-openvswi-PREROUTING all -- anywhere anywhere
>> nova-api-PREROUTING all -- anywhere anywhere
>>
>> Is there any way I can prevent this or set them with lower priority?
>
> I guess my first question is, why are you manually adding DNAT rules? Why
> aren't you letting Neutron manage iptables for the VMs? You would need to
> give more information on the exact rule you are trying to add to help make
> things clearer.
>
> As a rule of thumb, it's a bad idea to try and add/remove iptables rules
> while Neutron agents are running, you will eventually find yourself in a race
> condition where rules are missing and things don't work. If you need to add
> a rule I would recommend doing it before the agents are started, that way it
> will get left alone.
>
> -Brian
>
> _______________________________________________
> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to : [email protected]
> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
