agree. You may have to look at FWaaS. Remo > On Aug 13, 2015, at 9:07 AM, Sridhar Gaddam <sgad...@redhat.com> wrote: > > AFAIK yes, your OpenStack setup would work fine. > But the Security Group (including anti-spoofing) rules will not have any > effect to the traffic that is generated by the VMs. > > On 08/13/2015 04:49 PM, FASEELA.ASHRAF wrote: >> Is it necessary only for implementing security group policy? Even if I don't >> set this, the open stack installation and a fully functional openstack >> environment should work, isn't it? >> >> On Thu, Aug 13, 2015 at 2:01 PM, Sridhar Gaddam <sgad...@redhat.com >> <mailto:sgad...@redhat.com>> wrote: >> Neutron implements Security Groups by applying iptable rules on Linux >> bridge. So, we need these parameters to be set. >> Please see [1] for details. >> [1] - https://bugs.launchpad.net/openstack-manuals/+bug/1359691 >> <https://bugs.launchpad.net/openstack-manuals/+bug/1359691> >> >> >> On 08/13/2015 01:50 PM, FASEELA.ASHRAF wrote: >>> I installed the package bridge-utils and the error remains the same. In >>> other versions of Openstack like Juno and kilo these lines: >>> >>> net.bridge.bridge-nf-call-arptables=1 >>> net.bridge.bridge-nf-call-iptables=1 >>> net.bridge.bridge-nf-call-ip6tables=1 >>> >>> are not used in the sysctl file. So are they mandatory ? >>> >>> >>> >>> On Thu, Aug 13, 2015 at 1:21 PM, Andreas Scheuring >>> <scheu...@linux.vnet.ibm.com <mailto:scheu...@linux.vnet.ibm.com>> wrote: >>> Can you try the package bridge-utils? >>> >>> On Do, 2015-08-13 at 11:15 +0530, FASEELA.ASHRAF wrote: >>> > Hi , >>> > >>> > I am trying to install a 3 node architecture of Openstack icehouse >>> > version on my Ubuntu 14.04LTS . I would like to know if it is >>> > necessary to add the following lines to sysctl.conf in network node. >>> > net.bridge.bridge-nf-call-arptables=1 >>> > net.bridge.bridge-nf-call-iptables=1 >>> > net.bridge.bridge-nf-call-ip6tables=1 >>> > >>> > When running the command sysctl -p following errors are shown : >>> > sysctl: cannot stat /proc/sys/net/bridge/bridge-nf-call-arptables: No >>> > such file or directory >>> > sysctl: cannot stat /proc/sys/net/bridge/bridge-nf-call-iptables: No such >>> > file or directory >>> > sysctl: cannot stat /proc/sys/net/bridge/bridge-nf-call-ip6tables: No >>> > such file or directory >>> > >>> > Am I missing some package in my system? >>> > >>> > >>> > >>> > _______________________________________________ >>> > Mailing list: >>> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack >>> > <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack> >>> > Post to : openstack@lists.openstack.org >>> > <mailto:openstack@lists.openstack.org> >>> > Unsubscribe : >>> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack >>> > <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack> >>> >>> -- >>> Andreas >>> (IRC: scheuran) >>> >>> >>> >>> >>> >>> _______________________________________________ >>> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack >>> <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack> >>> Post to : openstack@lists.openstack.org >>> <mailto:openstack@lists.openstack.org> >>> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack >>> <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack> >> >> > > !DSPAM:1,55ccc2d8319225393376032! > _______________________________________________ > Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > Post to : openstack@lists.openstack.org > Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > > > !DSPAM:1,55ccc2d8319225393376032!
_______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
