Comment 0 for bug 1740739

Scenario:
1. Create two separate private networks, two separate routers, and connect the private networks (separately) to the public network
2. Define two VMs on the separate private networks
3. Assign each VM a floating IP.
4. (optional) Modify security groups to allow ICMP ingress from *ALL* IPs and verify ping succeeds, then remove this rule.
5. Modify security group to allow ICMP ingress from the other VMs security group (if same security group, put the current security group)
6. See that ping fails.

Expected scenario:
Ping succeeds in point 6.

Analysis:
The security rules installed match by the original IP address. However, the
packet arrives with its floating IP as source. Therefore, the match fails.