yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1212168] Re: Can't dnat from 169.254.169.254:80 to host:8775

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Thierry Carrez <thierry.carrez+lp@xxxxxxxxx>
Date: Thu, 03 Oct 2013 08:01:26 -0000
Reply-to: Bug 1212168 <1212168@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: neutron
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1212168

Title:
  Can't dnat from 169.254.169.254:80 to host:8775

Status in OpenStack Neutron (virtual network service):
  Fix Released

Bug description:
  After setting "enable_metadata_proxy=False" on /etc/neutron/l3_agent.ini, which means shut down the
  neutron-ns-metadata-proxy, and choose to use nova metadata, but there still have a rule as below:

  iptables -t nat -D neutron-l3-agent-PREROUTING -d 169.254.169.254/32
  -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 9697

  which will block the rules

  iptables -t nat -A PREROUTING -d 169.254.169.254/32 -p tcp -m tcp
  --dport 80 -j DNAT --to-destination $HOST:8775

  I think this is a bug, it should be fixed in the code, if not enable neutron metadata , then don't add the first rule.
  Thanks advance for any advice.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1212168/+subscriptions