Hi, Environment: Ubuntu 13.10 + Ryu+ DevStack Havana (single node setup). Need to use a VM as a proxy to examine packets before forwarding them to original destination. Packet will be rerouted to Proxy VM using Ryu SDN. [VM1] --> [Proxy VM] --> [VM2]. However, anti-spoofing rules prevent me to do this. (Rant mode on: Did the OpenStack developers not envision that researchers may want to use VMs as proxies? Why did they make it almost impossible to disable the anti-spoofing mechanism?). Tried the following things: a) Flushing IPTables ... no go. IPTables shows up as flushed completely. But blockage is still there for spoofed packets. b) Edited virt/libvirt/firewall.py file to set base_filter as nova-vpn (which should not get any anti-spoof filters). Did a reset on q-svc, n-api. But no go. c) In localrc, file set Q_USE_SECGROUP=False. I now see that IPTables does not have those anti-spoofing rules listed. Still the spoofed packets do not go through. d) Did a "sudo virsh nwfilter-edit nova-base" and deleted the anti-spoofing lines in the xml file. And also deleted the DROP rules from IPTables (using iptables-save > dump, edit dump, iptables-restore < dump). Still nothing happened. What else can I try ? Thanks.
------------------------------------------------------------------------------
_______________________________________________ Ryu-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/ryu-devel
