
Custom NAT with quantum

asked 2013-08-22 15:37:54 -0500

Geraint

Hi

I have a need to do custom natting with quantum.

This is the example:

server a eth0 10.1.1.1 (http proxy)

server b eth0 10.1.1.2 (runs LXC VM's)

server b lxc-br 10.1.2.0/24 (the LXC's get addresses here)

Server A and B run OSPF so server A knows 10.1.2.0/24 is behind 10.1.1.2.

If I ping 10.1.2.1 from Server A it fails. If I ping Server A from a VM in 10.1.2.0/24 then it works, however looking at the tcpdump the source of the VM's ICMP is rewritten to Server B's eth0 address.

Is there any way to stop this so that Server A sees the packets as coming from the VM's address and not Server B's address?


1 answer


answered 2013-08-22 15:55:49 -0500

Geraint

Digging a bit more, I see this on Server B when pinging from Server A to an LXC:

tcpdump -i eth0 host 10.1.2.1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
13:49:52.850764 IP 10.1.1.1 > 10.1.2.1: ICMP echo request, id 25672, seq 387, length 64
13:49:52.850878 IP 10.1.2.1 > 10.1.1.1: ICMP echo reply, id 25672, seq 387, length 64
13:49:53.850600 IP 10.1.1.1 > 10.1.2.1: ICMP echo request, id 25672, seq 388, length 64
13:49:53.850710 IP 10.1.2.1 > 10.1.1.1: ICMP echo reply, id 25672, seq 388, length 64

And this is what I see on Server A

tcpdump -i eth0 icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
13:53:41.852613 IP 10.1.1.1 > 10.1.2.1: ICMP echo request, id 25672, seq 616, length 64
13:53:42.852603 IP 10.1.1.1 > 10.1.2.1: ICMP echo request, id 25672, seq 617, length 64

So the ICMP is getting to the VM without being rewritten, and the reply is being sent to Server A but something is dropping it in transit - I suspect it's Open vSwitch GRE...

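The two-capture comparison done by eye in the answer above can be automated; the following is an added example, not part of the original post. It pairs ICMP echoes by (id, seq) across a capture taken near the target and one taken near the sender, and reports replies that were lost in transit or arrived with a rewritten source. The function names and the sample captures are constructed for illustration.

```python
import re

# Default tcpdump ICMP echo line format, as in the captures above.
LINE = re.compile(
    r"^\S+ IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): "
    r"ICMP echo (?P<kind>request|reply), id (?P<id>\d+), seq (?P<seq>\d+)")

def parse(capture):
    """Return {(id, seq): {"request": (src, dst), "reply": (src, dst)}}."""
    flows = {}
    for line in capture.splitlines():
        m = LINE.match(line.strip())
        if m:  # banner lines and non-echo traffic are skipped
            key = (int(m["id"]), int(m["seq"]))
            flows.setdefault(key, {})[m["kind"]] = (m["src"], m["dst"])
    return flows

def compare(near_target, near_sender):
    """Classify every echo seen at either capture point."""
    tgt, snd = parse(near_target), parse(near_sender)
    report = {}
    for key in sorted(set(tgt) | set(snd)):
        req = snd.get(key, {}).get("request") or tgt.get(key, {}).get("request")
        reply_tgt = tgt.get(key, {}).get("reply")
        reply_snd = snd.get(key, {}).get("reply")
        if reply_snd and req and reply_snd[0] != req[1]:
            # Reply arrived, but not from the address that was pinged: source NAT.
            report[key] = "reply source rewritten to " + reply_snd[0]
        elif reply_snd:
            report[key] = "ok"
        elif reply_tgt:
            report[key] = "reply lost between capture points"
        else:
            report[key] = "no reply seen"
    return report

# Constructed sample captures (not the poster's data).
SERVER_B = """\
13:49:52.850764 IP 10.1.1.1 > 10.1.2.1: ICMP echo request, id 25672, seq 1, length 64
13:49:52.850878 IP 10.1.2.1 > 10.1.1.1: ICMP echo reply, id 25672, seq 1, length 64
13:49:53.850600 IP 10.1.1.1 > 10.1.2.1: ICMP echo request, id 25672, seq 2, length 64
13:49:53.850710 IP 10.1.2.1 > 10.1.1.1: ICMP echo reply, id 25672, seq 2, length 64
"""
SERVER_A = """\
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
13:49:52.850613 IP 10.1.1.1 > 10.1.2.1: ICMP echo request, id 25672, seq 1, length 64
13:49:53.850603 IP 10.1.1.1 > 10.1.2.1: ICMP echo request, id 25672, seq 2, length 64
13:49:53.850899 IP 10.1.1.2 > 10.1.1.1: ICMP echo reply, id 25672, seq 2, length 64
"""

if __name__ == "__main__":
    for key, verdict in compare(SERVER_B, SERVER_A).items():
        print(key, verdict)
```

Timestamps are ignored on purpose, since clocks on the two hosts need not agree; matching relies only on the ICMP id and sequence number.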
