Hi,


I am building an OpenStack all-in-one environment on a CentOS 7.4 machine. For 
some reason I have only one network interface (eth0) and one IP address, so I 
created a Linux bridge (br0) and forwarded data to eth0 using this iptables command:

iptables -t nat -A POSTROUTING -s {bridge virtual ip} -j SNAT --to {eth0 ip}


But it does not seem to work.

When I ping 8.8.8.8 from br0 and run tcpdump, I can see that the data can be 
forwarded to eth0 and sent to 8.8.8.8, but when the data is sent back to eth0, 
it cannot be forwarded to br0.

IP forwarding, net.bridge.bridge-nf-call-iptables and 
net.bridge.bridge-nf-call-ip6tables are set to 1.

If I close the security group by setting securitygroup = false, this rule works 
fine, but if I use iptables -F instead, the rule does not work. Does the 
security group have some magic to trap iptables?

BR

Don
_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to     : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
