Use openstack to manage iptables

Asked by Patrick Vinas

Using Openstack Grizzly, with Quantum + OVS.

Gaining access to my public network from within the running VMs requires some iptables rules be added manually, and the rules only seem to work if they come before some of the rules generated automatically. I can insert my rules into iptables and make everything work for a few minutes, but quantum seems to restore its own rules periodically, as well as whenever a new instance is launched (adding fixed->floating NAT mapping, etc). It's keeping my additions but re-ordering them to the end of the chains. Is there any way to change the order of the rules that quantum is generating?

Question information

Language:
English Edit question
Status:
Solved
For:
neutron Edit question
Assignee:
No assignee Edit question
Solved by:
Patrick Vinas
Solved:
Last query:
Last reply:
Revision history for this message
yong sheng gong (gongysh) said :
#1

I think u can use different rule chains thank quantum's ones.

Revision history for this message
Patrick Vinas (patrickvinas) said :
#2

Never did manage to figure out this problem. Ended up switching to flat networking, now there's no need for NAT or any custom rules.