OpenStack Compute (nova)

Merge lp:~soren/nova/lp716414 into lp:~hudson-openstack/nova/trunk

  1. lp716414
  2. Merge into trunk
Proposed by Soren Hansen
Status: Merged
Approved by: Devin Carlen
Approved revision: 660
Merged at revision: 662
Proposed branch: lp:~soren/nova/lp716414
Merge into: lp:~hudson-openstack/nova/trunk
Diff against target: 20 lines (+4/-0)
1 file modified
nova/network/linux_net.py (+4/-0)
To merge this branch: bzr merge lp:~soren/nova/lp716414
Reviewer Review Type Date Requested Status
Devin Carlen (community) Approve
Vish Ishaya (community) Approve
Review via email: mp+49231@code.launchpad.net

Commit message

Add forwarding rules for floating IPs to the OUTPUT chain on the network node in addition to the PREROUTING chain.

Description of the change

Add forwarding rules for floating IPs to the OUTPUT chain on the network node in addition to the PREROUTING chain.

This makes it possible to reach the floating IP's from the network node.

From the linked bug:

From the network node, you cannot reach instances on their floating IP, because the DNAT rule is only in PREROUTING. Since the destination address is local (having been added to FLAGS.public_interface) this rule is not applied and the request instead ends up on the host.

To post a comment you must log in.
Revision history for this message
Vish Ishaya (vishvananda) wrote :

lgtm

review: Approve
Revision history for this message
Devin Carlen (devcamcar) wrote :

lgtm

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
=== modified file 'nova/network/linux_net.py'
--- nova/network/linux_net.py 2011-02-08 18:54:29 +0000
+++ nova/network/linux_net.py 2011-02-10 14:31:37 +0000
@@ -156,6 +156,8 @@
156 """Ensure floating ip forwarding rule"""156 """Ensure floating ip forwarding rule"""
157 _confirm_rule("PREROUTING", "-t nat -d %s -j DNAT --to %s"157 _confirm_rule("PREROUTING", "-t nat -d %s -j DNAT --to %s"
158 % (floating_ip, fixed_ip))158 % (floating_ip, fixed_ip))
159 _confirm_rule("OUTPUT", "-t nat -d %s -j DNAT --to %s"
160 % (floating_ip, fixed_ip))
159 _confirm_rule("SNATTING", "-t nat -s %s -j SNAT --to %s"161 _confirm_rule("SNATTING", "-t nat -s %s -j SNAT --to %s"
160 % (fixed_ip, floating_ip))162 % (fixed_ip, floating_ip))
161163
@@ -164,6 +166,8 @@
164 """Remove forwarding for floating ip"""166 """Remove forwarding for floating ip"""
165 _remove_rule("PREROUTING", "-t nat -d %s -j DNAT --to %s"167 _remove_rule("PREROUTING", "-t nat -d %s -j DNAT --to %s"
166 % (floating_ip, fixed_ip))168 % (floating_ip, fixed_ip))
169 _remove_rule("OUTPUT", "-t nat -d %s -j DNAT --to %s"
170 % (floating_ip, fixed_ip))
167 _remove_rule("SNATTING", "-t nat -s %s -j SNAT --to %s"171 _remove_rule("SNATTING", "-t nat -s %s -j SNAT --to %s"
168 % (fixed_ip, floating_ip))172 % (fixed_ip, floating_ip))
169173