When metadata_host is set to 127.0.0.1 metdata_forward will use the
REDIRECT target instead of the DNAT target in iptables rules. The
REDIRECT target results in an implicit DNAT to the primary address
of the incoming interface. As a result requests coming in from VMs
will have a destination address of the gateway brought up by
nova-network.
metadate_accept will now allow traffic destinatined for any local
address on the metadata_port when metadata_host is set to
127.0.0.1.
Reviewed: https:/ /review. openstack. org/37554 github. com/openstack/ nova/commit/ 15543f7e1828774 8d9388269af532e 2c92732d22
Committed: http://
Submitter: Jenkins
Branch: master
commit 15543f7e1828774 8d9388269af532e 2c92732d22
Author: Chet Burgess <email address hidden>
Date: Wed Jul 10 15:37:59 2013 +0000
Fix iptables rules when metadata_ host=127. 0.0.1
When metadata_host is set to 127.0.0.1 metdata_forward will use the
REDIRECT target instead of the DNAT target in iptables rules. The
REDIRECT target results in an implicit DNAT to the primary address
of the incoming interface. As a result requests coming in from VMs
will have a destination address of the gateway brought up by
nova-network.
metadate_accept will now allow traffic destinatined for any local
address on the metadata_port when metadata_host is set to
127.0.0.1.
Change-Id: I877befe6f7c102 0d2160194b6f6ca b8297cb086c
Fixes: bug #1202356