Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Reverse path SNAT for DNAT floating-ip.
This patch applies a reverse SNAT rule to allow instances that have an assigned floating IP to communicate with other instances in the same OpenStack deployment, security group rules permitting. The patch allows members of the same private network to communicate with each other using their floating-ips in a more consistent fashion. The rule also addresses the situation where the target is on another private network. This will only work for interaction between two servers that both have floating IPs assigned to them. Specifically, this patch solves the problem where a target server "sees" the private address of the client. By SNAT'ing to the client's floating-IP, the "sees" the correct reply address and the reverse route follows the same path that an actual external connection would take. The SNAT ONLY occurs if a DNAT occurred before hand, allowing communication on private networks using private IPs to remain fully private and internal. The limitation is of course if a DNAT occurs for other reasons, there may be issues. Resolves bug 1178745 Change-Id: I55b7131cff5fd5a2ebf826945370d4d550e74136 (cherry picked from commit 314c419)
- Loading branch information