| Thread Previous • Date Previous • Date Next • Thread Next |
On 2013年01月09日 23:05, Joe Warren-Meeks wrote: > Hi Jian, > > Firstly, thanks for your time helping me with this, it is much > appreciated. > > I've probably misunderstood your answer, but currently whenever a new > instance is booted or a floating IP is added or removed, the SNAT rule > I want removed comes back. I'd like to stop that rule ever coming back. > > I'm about to dig into the python to try to find where it get reset, > but any pointers you could offer would be greatly appreciated! > > -- joe. > > > > On 9 January 2013 14:34, Jian Wen <jian.wen@xxxxxxxxxxxxx > <mailto:jian.wen@xxxxxxxxxxxxx>> wrote: > > On 2013年01月09日 21:58, Joe Warren-Meeks wrote: >> Hi guys, >> >> I've managed to disable NAT by deleting the correct rule. This >> means all my instances are properly routable no, which is exactly >> what I want. >> >> To do this, I'm using >> >> iptables -vnL -t nat --line-numbers >> >> to get the rule number from the nova-network-snat chain and >> deleting it using: >> >> iptables -t nat -D nova-network-snat <num> >> >> My question is when and where are those snat rules created, so >> that I can prevent them from being setup in the first place. >> >> Kind regards >> >> -- joe. >> >> >> >> _______________________________________________ >> Mailing list: https://launchpad.net/~openstack <https://launchpad.net/%7Eopenstack> >> Post to : openstack@xxxxxxxxxxxxxxxxxxx <mailto:openstack@xxxxxxxxxxxxxxxxxxx> >> Unsubscribe : https://launchpad.net/~openstack <https://launchpad.net/%7Eopenstack> >> More help : https://help.launchpad.net/ListHelp > 1. delete all floating ips > allocate a floating ip to instance will create a SNAT rule > and 2 DNAT rules. > 2. iptables -t nat -I nova-network-float-snat -j RETURN > avoid the shared SNAT rule > -I Insert rule in the nova-network-float-snat chain as the first rule. -j RETURN means stop traversing this chain and resume at the next rule in the previous (calling) chain. iptables -t nat -I nova-network-snat -j RETURN No need to exec `iptables -t nat -I nova-network-float-snat -j RETURN`, sorry for the quick reply. After this command, SNAT rule created but will not be used at all. The result of ping 8.8.8.8 will be 100% packet loss You don't have to touch the code. nova/nova/network/linux_net.py nova/nova/network/l3.py > > -- > Jian Wen > Software Engineer, Services and Support Team > Canonical, Ltd > > > _______________________________________________ > Mailing list: https://launchpad.net/~openstack > <https://launchpad.net/%7Eopenstack> > Post to : openstack@xxxxxxxxxxxxxxxxxxx > <mailto:openstack@xxxxxxxxxxxxxxxxxxx> > Unsubscribe : https://launchpad.net/~openstack > <https://launchpad.net/%7Eopenstack> > More help : https://help.launchpad.net/ListHelp > > -- Jian Wen Software Engineer, Services and Support Team Canonical, Ltd
| Thread Previous • Date Previous • Date Next • Thread Next |
