Reviewed:  https://review.openstack.org/279433
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=5d2d1120fcdcd5977d3c760ac1520a841048d456
Submitter: Jenkins
Branch:    master

commit 5d2d1120fcdcd5977d3c760ac1520a841048d456
Author: Dmitry Sutyagin <[email protected]>
Date:   Fri Feb 12 12:18:14 2016 +0300

    Switches metering agent to stateless iptables

    If state_less parameter is not specified then neutron-postrouting-bottom
    rule goes up in POSTROUTING chain, which causes premature NATing of
    traffic, for ex. traffic between internal networks becomes NATed.

    Closes-Bug: 1544508
    Co-Authored-By: Sergey Belous <[email protected]>
    Change-Id: I2e0011237d50a59d417cfee01dcd5f9d0da2e7f5

** Changed in: neutron
       Status: In Progress => Fix Released

https://bugs.launchpad.net/bugs/1544508

Title:
  neutron-meter-agent - makes traffic between internal networks NATed

Status in neutron:
  Fix Released

Bug description:
  If neutron-meter-agent is installed and enabled, and a meter-label is
  created, all traffic between internal networks becomes NATed, which is
  unexpected and potentially causes firewall/routing issues.

  This happens because meter-agent does not define stateless flag during
  iptables initialization which later during _modify_rules in
  agent/linux/iptables_manager.py results in moving the following rules:

  before:
    -A POSTROUTING -j neutron-l3-agent-POSTROUTING
    -A POSTROUTING -j neutron-postrouting-bottom

  after:
    -A POSTROUTING -j neutron-postrouting-bottom
    -A POSTROUTING -j neutron-l3-agent-POSTROUTING

  The attached patch fixes the issue by setting "state_less=True" for
  metering agent's iptables_manager.
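Added example (not part of the bug report or the neutron code base): a check that can be run over `iptables-save` output from a router namespace to tell whether the POSTROUTING jumps are in the "after" order described above. The two chain names are taken from the report; the function names and the sample input are constructed for illustration.

```python
# Added example: detect the rule order from bug 1544508 in iptables-save text.
BOTTOM = "neutron-postrouting-bottom"    # chain name from the bug report
AGENT = "neutron-l3-agent-POSTROUTING"   # chain name from the bug report


def postrouting_jumps(save_text, table="nat"):
    """Return the -j targets of '-A POSTROUTING' rules in `table`, in order."""
    jumps, current = [], None
    for raw in save_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("*"):          # "*nat", "*mangle": start of a table
            current = line[1:]
            continue
        if line == "COMMIT":              # end of the current table
            current = None
            continue
        tokens = line.split()
        if current != table or tokens[:2] != ["-A", "POSTROUTING"]:
            continue                      # other table, chain header, other chain
        if "-j" in tokens[:-1]:
            jumps.append(tokens[tokens.index("-j") + 1])
    return jumps


def bottom_is_premature(save_text):
    """True when the jump to BOTTOM precedes the jump to AGENT in nat."""
    jumps = postrouting_jumps(save_text)
    if BOTTOM not in jumps or AGENT not in jumps:
        return False                      # nothing to compare
    return jumps.index(BOTTOM) < jumps.index(AGENT)


def _sample(first, second):
    """Constructed iptables-save style input; the mangle table is a decoy."""
    return "\n".join([
        "*mangle", ":POSTROUTING ACCEPT [0:0]",
        "-A POSTROUTING -j " + AGENT, "COMMIT",
        "*nat", ":POSTROUTING ACCEPT [0:0]",
        "-A POSTROUTING -j " + first,
        "-A POSTROUTING -j " + second, "COMMIT",
    ])


BEFORE = _sample(AGENT, BOTTOM)   # order the report lists as "before"
AFTER = _sample(BOTTOM, AGENT)    # order the report lists as "after"

if __name__ == "__main__":
    for name, text in (("before", BEFORE), ("after", AFTER)):
        print(name, postrouting_jumps(text), bottom_is_premature(text))
```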

