2015-11-27 20:28 GMT+01:00 Saverio Proto <ziopr...@gmail.com>: > Hello, > > I have a cloud user that is trying to implement the following topology > > ext_net <|R1|> internal_net <|R2|> dbservers_network > > where > - internal_net: 10.0.2.0/24 > - dbservers_net: 10.0.3.0/24 > > Now according to the documentation: > http://docs.openstack.org/admin-guide-cloud/networking_adv-features.html > > My user was able to set up the necessary static routes on R1 to reach > the dbservers_network and on R2 to have a default via R1 > > However, it seems impossible to manipulate Nat rules on R1 and R2. > R1 for example will SNAT traffic only for source IPs into 10.0.2.0 > making impossible for hosts in dbservers_network to access the > Internet. > > To see the configuration, I can as an Operator use iptables commands > into the namespaces on the network node. But what can users do ? > > So far, I ended up with the feeling, that is not possible to have two > hop topologies where hosts two hops away from the gateway can make > traffic with the outside Internet. Is this really the case ? > > Hi Saverio,
Recently I was facing the same situation and AFAIK cloud users can't set NAT rules on internal routers via neutron API Those NAT rules are restricted to routers connected to an external router (setting the router gateway or doing floating IPs associations). In our case this limitation was solved using an instance as a router and maybe you can find useful the description of the followed steps: https://albertomolina.wordpress.com/2015/11/22/playing-around-with-openstack-using-an-instance-as-router/ I hope this helps Cheers Alberto
_______________________________________________ OpenStack-operators mailing list OpenStack-operators@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators