Florian, I have removed those port 80 CHECKSUM rules and everything looks good i didn't see kernel WARN mesg.
Thank you so much! You just nailed it :) On Sun, Aug 5, 2018 at 4:15 PM, Satish Patel <satish....@gmail.com> wrote: > Florian, > > It seems those rules coming from here > https://github.com/openstack/openstack-ansible-os_neutron/blob/master/files/post-up-metadata-checksum > > On Sun, Aug 5, 2018 at 4:09 PM, Satish Patel <satish....@gmail.com> wrote: >> Yes this is openstack-ansible deployment tool which set them up. I am >> wondering where are these rules saved? I believe openstack-ansible use >> LXC container to deploy services so must be part of LXC startup >> scripts. >> >> I have checked there is no firewalld and iptables service running on system.. >> >> You think i should get rid of all CHEKSUM option in iptables rules? Am i >> right? >> >> >> On Sun, Aug 5, 2018 at 4:02 PM, Florian Westphal <f...@strlen.de> wrote: >>> Satish Patel <satish....@gmail.com> wrote: >>>> > [84166:59495417] -A POSTROUTING -p tcp -m tcp --sport 80 -j CHECKSUM >>>> > --checksum-fill >>>> > [68739:5153476] -A POSTROUTING -p tcp -m tcp --sport 8000 -j CHECKSUM >>>> > --checksum-fill >>> >>> These rules make no sense to me, and are also source of your backtrace. >>> Who set this up? >>> >>> If this is coming from openstack, I suggest asking openstack developers >>> WTH this is supposed to do. >>> >>>> > [755:275452] -A POSTROUTING -s 10.0.3.0/24 -o lxcbr0 -p udp -m udp >>>> > --dport 68 -j CHECKSUM --checksum-fill >>> >>> This was needed to work around dhcpd issues w. checksum offloading but I >>> guess that DCHCP will work fine without this rule too nowadays. >>> >>> So I suggest you simply get rid of these rules.
