ip netns - iptables

We have 3 network nodes. On two of them I have one working tenant router and on the second network node I have a backup router.

When I ssh to NN1 and access the tenant router with the command

sudo ip netns exec qrouter-ff34f529-ebd8-463d-9eef-351302f4751a bash

I can list NAT rules and see chains. Example:

Chain neutron-vpn-agen-float-snat (1 references)
target     prot opt source               destination
SNAT       all  --  172.20.0.140         anywhere             to:185.56.xxx.xxx
SNAT       all  --  172.20.0.13          anywhere             to:185.56.xxx.xxx
SNAT       all  --  172.20.0.214         anywhere             to:185.56.xxx.xxx
SNAT       all  --  172.20.0.15          anywhere             to:185.56.xxx.xxx
SNAT       all  --  172.20.0.101         anywhere             to:185.56.xxx.xxx
SNAT       all  --  172.20.0.14          anywhere             to:185.56.xxx.xxx

or

 Chain neutron-vpn-agen-OUTPUT (1 references)
 target     prot opt source               destination
 DNAT       all  --  anywhere             185.56.xxx.xxx        to:172.20.0.140
 DNAT       all  --  anywhere             185.56.xxx.xxx        to:172.20.0.13
 DNAT       all  --  anywhere             185.56.xxx.xxx        to:172.20.0.214
 DNAT       all  --  anywhere             185.56.xxx.xxx        to:172.20.0.15
 DNAT       all  --  anywhere             185.56.xxx.xxx       to:172.20.0.101
 DNAT       all  --  anywhere             185.56.xxx.xxx        to:172.20.0.14

Also, I have identical iptables rules on the backup router.

The question is, where are these rules stored? If the answer is in a database, the next question is in which database and table?