Disable IP forwarding on compute nodes [closed]
Hi, I can't disable IP forwarding on my compute nodes. Every time I reboot the system, the forwarding is enabled. I don't have this issue with my cinder or swift nodes. I have the Ocata version installed.
I guess it has to be enabled so that the compute node can forward packets to its instances.
Isn't it insecure if I have two network interfaces, one for management tasks and one for users? I don't like the idea that someone can access the management network from the productive network because of the enabled IP forwarding.
netfilter (also named iptables after the command used to configure it) should take care of the correct forwarding. In any case, to reach an instance, the packet needs to travel through the instance's host. If the host doesn't forward it, it won't arrive at the instance.
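The reply above leaves it to netfilter to decide which paths are actually forwarded. As an added example (not part of the original thread), this Python sketch reads an `iptables-save` dump and reports whether the FORWARD chain lets packets cross from one interface to another. The interface names `eth0` and `eth1`, the sample rules and the function names are assumptions for illustration, and user-defined chains are reported as "unknown" rather than followed.

```python
import shlex

# Constructed iptables-save excerpt, not taken from a real node.
# Assumed names: eth0 = management interface, eth1 = user-facing interface.
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i eth1 -o eth0 -j DROP
-A FORWARD -i eth0 -o eth1 -p tcp -j DROP
-A FORWARD -i eth+ -j ACCEPT
COMMIT
"""

def _iface_ok(match, flag, iface):
    """True if the rule's -i/-o condition (or its absence) covers iface."""
    if flag not in match:
        return True
    pos = match.index(flag)
    pattern = match[pos + 1]
    hit = iface.startswith(pattern[:-1]) if pattern.endswith("+") else iface == pattern
    return hit != (pos > 0 and match[pos - 1] == "!")

def forward_verdict(dump, in_if, out_if):
    """Worst-case verdict for packets entering in_if and leaving out_if."""
    policy, in_filter = "ACCEPT", False
    for line in dump.splitlines():
        if line.startswith("*"):
            in_filter = line.strip() == "*filter"
        elif in_filter and line.startswith(":FORWARD "):
            policy = line.split()[1]
        elif in_filter and line.startswith("-A FORWARD "):
            tokens = shlex.split(line)
            j = next((k for k, t in enumerate(tokens) if t in ("-j", "-g")), None)
            if j is None:
                continue                  # rule without a target only counts packets
            match, target = tokens[2:j], tokens[j + 1]
            if not (_iface_ok(match, "-i", in_if) and _iface_ok(match, "-o", out_if)):
                continue
            # Anything besides -i/-o narrows the rule to part of the traffic.
            extra = [t for k, t in enumerate(match)
                     if t not in ("-i", "-o", "!") and match[k - 1] not in ("-i", "-o")]
            if target == "ACCEPT":
                return "forwarded"        # at least some packets get through
            if target not in ("DROP", "REJECT"):
                return "unknown"          # user chain or other target, not followed here
            if not extra:
                return "blocked"          # every packet on this path is dropped
    return "blocked" if policy == "DROP" else "forwarded"
```

On the constructed sample, the user-to-management path is blocked, while the reverse path is still forwarded because its DROP rule only covers TCP and the later wildcard ACCEPT catches the rest.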