Chain ryu_neutron_agen-s85e1f2a9-c (1 references)
target prot opt
source
destination
RETURN all --
10.0.0.3
anywhere
MAC FA:16:3E:73:59:71
DROP all -- anywhere
anywhere
and not able to send packet from guest VMs.
Environment: Ubuntu 13.10 + DevStack Havana (single node setup).
Need to use a VM as a proxy to examine packets before forwarding
them to original destination. Packet will be rerouted to Proxy VM using SDN.
[VM1] --> [Proxy VM] --> [VM2].
However, anti-spoofing rules prevent me to do this. (Rant mode
on: Did the OpenStack developers not envision that researchers may want to use
VMs as proxies? Why did they make it almost impossible to disable the
anti-spoofing mechanism?).
Tried the following things:
a) Flushing IPTables ... no go. IPTables shows up as flushed
completely. But blockage is still there for spoofed packets.
b) Edited virt/libvirt/firewall.py file to set base_filter as
nova-vpn (which should not get any anti-spoof filters). Did a reset on q-svc,
n-api. But no go.
c) In localrc, file set Q_USE_SECGROUP=False. I now see that
IPTables does not have those anti-spoofing rules listed. Still the spoofed
packets do not go through.
d) Did a "sudo virsh nwfilter-edit nova-base" and
deleted the anti-spoofing lines in the xml file. And also deleted the DROP
rules from IPTables (using iptables-save > dump, edit dump, iptables-restore
< dump).
Still nothing happened.
What else can I try ?
Thanks,
Shankar.
------------------------------------------------------------------------------
_______________________________________________
Ryu-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/ryu-devel
