Comment 3 for bug 1178745

OpenStack Infra (hudson-openstack) wrote : Fix merged to nova (master)

Reviewed: https://review.openstack.org/28815
Committed: http://github.com/openstack/nova/commit/314c419323ddd512babc4504ef8a4be1e04f2af7
Submitter: Jenkins
Branch: master

commit 314c419323ddd512babc4504ef8a4be1e04f2af7
Author: Brent Eagles <email address hidden>
Date: Fri May 10 14:26:24 2013 -0230

    Reverse path SNAT for DNAT floating-ip.

    This patch applies a reverse SNAT rule to allow instances that have an
    assigned floating IP to communicate with other instances in the same
    OpenStack deployment, security group rules permitting. The patch
    allows members of the same private network to communicate with each
    other using their floating-ips in a more consistent fashion. The rule
    also addresses the situation where the target is on another private
    network.

    This will only work for interaction between two servers that both have
    floating IPs assigned to them.

    Specifically, this patch solves the problem where a target server
    "sees" the private address of the client. By SNAT'ing to the client's
    floating-IP, the target "sees" the correct reply address and the reverse
    route follows the same path that an actual external connection would
    take. The SNAT ONLY occurs if a DNAT occurred beforehand, allowing
    communication on private networks using private IPs to remain fully
    private and internal. The limitation is of course if a DNAT occurs for
    other reasons, there may be issues.

    Resolves bug 1178745

    Change-Id: I55b7131cff5fd5a2ebf826945370d4d550e74136
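
The behaviour the commit message describes can be modelled in a few lines of Python. This is an added illustration, not code from the nova patch; the addresses, the function names and the `dnat_applied` flag (standing in for "a DNAT occurred beforehand") are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed sample data: fixed (private) IP -> assigned floating IP.
FLOATING = {
    "10.0.0.2": "172.24.4.10",  # client
    "10.0.0.3": "172.24.4.11",  # target on the same private network
    "10.1.0.5": "172.24.4.12",  # target on another private network
}

@dataclass
class Packet:
    src: str
    dst: str
    dnat_applied: bool = False  # assumption: marks that DNAT rewrote this flow

def dnat_floating(pkt):
    """Rewrite a floating-IP destination to the instance's fixed IP."""
    for fixed, floating in FLOATING.items():
        if pkt.dst == floating:
            return Packet(pkt.src, fixed, dnat_applied=True)
    return pkt

def reverse_snat(pkt):
    """SNAT to the sender's floating IP, but only if DNAT happened first."""
    if pkt.dnat_applied and pkt.src in FLOATING:
        return Packet(FLOATING[pkt.src], pkt.dst, dnat_applied=True)
    return pkt

def seen_by_target(src_fixed, dst, with_patch=True):
    """Return (source, destination) as the target instance receives them."""
    pkt = dnat_floating(Packet(src_fixed, dst))
    if with_patch:
        pkt = reverse_snat(pkt)
    return pkt.src, pkt.dst

if __name__ == "__main__":
    # Before the patch: the target sees the client's private address.
    print(seen_by_target("10.0.0.2", "172.24.4.11", with_patch=False))
    # After the patch: the target sees the client's floating IP.
    print(seen_by_target("10.0.0.2", "172.24.4.11"))
    # Private-to-private traffic is never DNAT'ed, so it is left untouched.
    print(seen_by_target("10.0.0.2", "10.0.0.3"))
    # A client without a floating IP has nothing to SNAT to.
    print(seen_by_target("10.0.0.9", "172.24.4.11"))
```
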