Hi all, I'm trying to use a virtual router inside my Openstack tenant. I created an instance of the router (Vyatta5600) and connected it to two different networks (dc1 - 10.1.0.0/24 and dc2 - 10.2.0.0/24).

I then connected two different cirros clients on those networks, setting the corresponding Vyatta interface as their deafult GW. I use default security group configured to allow all inbound/outbound traffic (ICMP, TCP,UDP). From both clients I could ping the default GW.

Pinging from one client to the other one does not work, nor do pinging the vyatta interface on the opposite network.

Is there anything special I should enable at the OS level.

Thanks!

UPDATE

Same thing happens if I change the vyatta instance with a Linux instance acting as a router (as explained in this link)

UPDATE 2

In this post i found this:

Be aware that the security groups implementation places anti-spoofing rules to prevent a VM sending packets that do not have the source mac or IP address that Neutron assigned to it. Do iptables-save on the compute nodes to see them.

Could it be this thecause of the problem? If yes, is there the possibility to change that behaviour?