neutron

  1. Bug #1927691
  2. Comment #3

Comment 3 for bug 1927691

Revision history for this message
Lars Erik Pedersen (pedersen-larserik) wrote :

Did some more debugging. It seems that the packet gets dropped by this in the filter table:

-A neutron-l3-agent-scope -o qr-e8bf5ba7-b5 -m mark ! --mark 0x4000000/0xffff0000 -j DROP

I added logging for iptables on each step in the packet flow (https://i2.wp.com/rakhesh.com/wp-content/uploads/2020/11/Iptables-Flow.png?ssl=1) and I'm pretty sure this stops it. Because nothing appears in the POSTROUTING chain of the mangle table (where it should appear after passing filter FORWARD).