Hi there!

We have a setup with the network type where the compute nodes have VLAN interfaces, and those are bridged into OVS. Those networks have public IPv4 and IPv6 subnets, and they are given to users, so they can get a VPS-like public IP if they want.

My problem is with one of our customers, who wants a routed subnet to his public IP address... We are an ISP, so routing that on our routers will not be a thing; I have problems with this setup in OpenStack.

So, if I route a v4 /29 to my public IP, the packets will come through the security group and the host can see incoming ICMP packets, but the reply will fall on the compute node's iptables ruleset. If I just add a rule to the FORWARD chain which allows the routed subnet to go out from the tenant (-I FORWARD -s x.x.x.x/29 -j ACCEPT), it will start working...

Are there any ways we can do this without starting to maintain IP lists and "hacking" the dynamic firewall with some static rules on the compute nodes?

Thanks,
 Peter

_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to     : [email protected]
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
