iptables is outdated on CentOS

Bug #1388117 reported by Sergey Kolekonov on 2014-10-31
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Fuel for OpenStack
High
MOS Linux

Bug Description

Current version of iptables (iptables v1.4.7) is outdated and doesn't contain options required for advanced Neutron features such as DVR:

Stderr: "iptables-restore v1.4.7: unknown option `--notrack'\nError occurred at line: 28\nTry `iptables-restore -h' or 'iptables-restore --help'

Changed in fuel:
milestone: none → 6.0
no longer affects: fuel/6.1.x
Changed in fuel:
assignee: nobody → Fuel OSCI Team (fuel-osci)
Changed in fuel:
status: New → Confirmed
importance: Undecided → High
Roman Vyalov (r0mikiam) on 2014-11-06
Changed in fuel:
assignee: Fuel OSCI Team (fuel-osci) → MOS Linux (mos-linux)

This error message is produces because Neutron uses CT target:
https://github.com/openstack/neutron/blob/2cc3a780853686cc1fbf3123402cb7862c9bb12c/neutron/agent/l3_agent.py#L1613

which is not supported in CentOS 6.5 (NOTRACK target should be used instead). CT target was introduces in RedHat 7 with 3.10 kernel.

Changed in fuel:
status: Confirmed → Won't Fix
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Related blueprints