Sorry I forgot to mention that I've already changed this. This option is
in openvswitch_agent.ini right? It helps for VMs, but not routers
09.10.2016 13:33, [email protected] пишет:
Hi,
check prevent_arp_spoofing and set it to False, [1]
BR,
Konstantin
[1]
http://docs.openstack.org/mitaka/config-reference/networking/networking_options_reference.html
-----Original Message-----
From: Артем Плакунов [mailto:[email protected]]
Sent: Friday, October 07, 2016 7:59 PM
To: [email protected]
Subject: [Openstack] How to disable anti-spoofing rules on router?
Hello everyone.
I found out that openstack router drops packets going from it's internal network
into the Internet if the source IP address in the packet does not belong to
router's internal subnet.
I tried to disable security groups globally and set port_security_enabled to
False
on the router's port but this did not help.
tcpdump on router's internal interface shows packets arriving fine, but nothing
goes outside. Packets are probably dropped somewhere within router's iptables
rules but I couldn't find exact rule that does this.
Is there a way around this behavior? Or maybe someone can direct me to the
exact iptables rule?
_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : [email protected]
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : [email protected]
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
