Hello Ian,
Found some anti-spoofing rules in the ebtables (ebtables -t nat -L) of the
compute-host where my router VM is located. These rules are automatically
generated by libvirt for each VM and are usually generated from a preset of
rules (anti-ip-spoofing.xml). Disabling this rule didn't help
Randy has it spot on. The antispoofing rules prevent you from doing this
in Neutron. Clearly a router transmits traffic that isn't from it, and
receives traffic that isn't addressed to it - and the port filtering
discards them.
You can disable them for the entire cloud by judiciously tweaking th
There are at least 3 types of solutions I'm aware of:
1) Using VLANs and physical or virtual-machine appliances that route packets
between VLANs.
Tutorial:
http://developer.rackspace.com/blog/neutron-networking-vlan-provider-networks.html
2) Using an L2 overlay and virtual machines that route pac
In general, you'd need a router to pass from one VLAN to another, and that
is still true in OS. However, for your case where you have a VM running
some routing software, it's quite possible (likely) that the iptable rules
on the host machine are stopping your VM from forwarding out since the
source
