yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1735866] [NEW] Snat namespace misses iptables rules for floating ip.

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1735866@xxxxxxxxxxxxxxxxxx>
Date: Sat, 02 Dec 2017 01:43:54 -0000
Reply-to: Bug 1735866 <1735866@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

You have been subscribed to a public bug:

For DVR, the following iptables rule is missed in the snat namespace:
"-A neutron-l3-agent-snat -j neutron-l3-agent-float-snat"

This results in that snat rules will work instead of floating ip when
accessing to the internet.

Adding following code at [1] can fix this:

self.snat_iptables_manager.ipv4['nat'].add_rule('snat',
                                                            '-j $float-snat')

[1]https://github.com/openstack/neutron/blob/master/neutron/agent/l3/dvr_edge_router.py#L197

** Affects: neutron
     Importance: Undecided
     Assignee: sunzuohua (zuohuasun)
         Status: New

-- 
Snat namespace misses iptables rules for floating ip.
https://bugs.launchpad.net/bugs/1735866
You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron.