Since we assign public gateway address on master node, all public
traffic goes through it. Unfortunately, it doesn't reach destination due
to rejecting rule in FORWARD chain:
ACCEPT all -- 10.20.0.0/24 anywhere
ACCEPT all -- anywhere anywhere
REJECT all -- anywhere anywhere ext-filter-forward all -- anywhere anywhere
The commit fixes that problem by inserting (-I), not appending (-A)
ext-filter-forward entry. In that case that rule will have higher
priority and won't break routing.
ACCEPT all -- 10.20.0.0/24 anywhere
ACCEPT all -- anywhere anywhere ext-filter-forward all -- anywhere anywhere
REJECT all -- anywhere anywhere
Reviewed: https:/ /review. openstack. org/302164 /git.openstack. org/cgit/ openstack/ fuel-virtualbox /commit/ ?id=80e86854be0 82ccc81099235ff 6e5f16606e80e1
Committed: https:/
Submitter: Jenkins
Branch: master
commit 80e86854be082cc c81099235ff6e5f 16606e80e1
Author: Igor Kalnitsky <email address hidden>
Date: Tue Apr 5 18:43:02 2016 +0300
Fix public network routing from slaves
Since we assign public gateway address on master node, all public
traffic goes through it. Unfortunately, it doesn't reach destination due
to rejecting rule in FORWARD chain:
ACCEPT all -- 10.20.0.0/24 anywhere
ext-filter- forward all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
REJECT all -- anywhere anywhere
The commit fixes that problem by inserting (-I), not appending (-A) filter- forward entry. In that case that rule will have higher
ext-
priority and won't break routing.
ACCEPT all -- 10.20.0.0/24 anywhere
ext-filter- forward all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
REJECT all -- anywhere anywhere
Change-Id: I7887f08a175fa0 ce06654dc1fc18a b412cb296f5
Closes-Bug: #1566968