openstack team mailing list archive

Thread
Date

Re: Disabling NAT

To: openstack@xxxxxxxxxxxxxxxxxxx
From: Jian Wen <jian.wen@xxxxxxxxxxxxx>
Date: Wed, 09 Jan 2013 22:34:34 +0800
In-reply-to: <CABdqt2+JS6GbZbQxrO8d-P0envGHBDig3aGrbKqSUniCTQU9Wg@mail.gmail.com>
Reply-to: jian.wen@xxxxxxxxxxxxx
User-agent: Mozilla/5.0 (X11; Linux i686; rv:17.0) Gecko/17.0 Thunderbird/17.0

On 2013?01?09? 21:58, Joe Warren-Meeks wrote:
> Hi guys,
>
> I've managed to disable NAT by deleting the correct rule. This means
> all my instances are properly routable no, which is exactly what I want.
>
> To do this, I'm using 
>
> iptables -vnL -t nat --line-numbers 
>
> to get the rule number from the nova-network-snat chain and deleting
> it using:
>
> iptables -t nat -D nova-network-snat <num>
>
> My question is when and where are those snat rules created, so that I
> can prevent them from being setup in the first place.
>
> Kind regards
>
>  -- joe.
>
>
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to     : openstack@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
1. delete all floating ips
     allocate a floating ip to instance will create a SNAT rule and 2
DNAT rules.
2. iptables -t nat -I nova-network-float-snat -j RETURN
    avoid the shared SNAT rule

-- 
Jian Wen
Software Engineer, Services and Support Team
Canonical, Ltd

References

Disabling NAT
From: Joe Warren-Meeks, 2013-01-09