Hi Alex,
a spoof filter is set by default to avoid that a VM can send packets
whose source address is different from the VM's address. There's no
option to change that.
cheers,
Rossella
On 09/25/2014 10:59 PM, Alexandre Levine wrote:
Hi All,
I'm looking for a way to set port_filter flag to False for port binding.
Is there a way to do this in IceHouse or in current Juno code? I use
devstack with the default ML2 plugin and configuration.
According to this guide
(http://docs.openstack.org/api/openstack-network/2.0/content/binding_ext_ports.html)
it should be done via binding:profile but it gets only recorded in the
dictionary of binding:profile and doesn't get reflected in vif_details
as supposed to.
I tried to find any code in Neutron that can potentially do this
transferring from incoming binding:profile into binding:vif_details and
found none.
I'd be very grateful if anybody can point me in the right direction.
And by the by the reason I'm trying to do this is because I want to use
one instance as NAT for another one in private subnet. As a result of
ping 8.8.8.8 from private instance to NAT instance the reply gets
Dropped by the security rule in iptables on TAP interface of NAT
instance because the source is different from the NAT instance IP. So I
suppose that port_filter is responsible for this behavior and will
remove this restriction in iptables.
Best regards,
Alex Levine
___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
