Public bug reported: If neutron-meter-agent is installed and enabled, and a meter-label is created, all traffic between internal networks becomes NATed, which is unexpected and potentially causes firewall/routing issues. This happens because meter-agent does not define stateless flag during iptables initialization which later during _modify_rules in agent/linux/iptables_manager.py results in moving the following rules:
before: -A POSTROUTING -j neutron-l3-agent-POSTROUTING -A POSTROUTING -j neutron-postrouting-bottom after: -A POSTROUTING -j neutron-postrouting-bottom -A POSTROUTING -j neutron-l3-agent-POSTROUTING The attached patch fixes the issue by setting "state_less=True" for metering agent's iptables_manager. ** Affects: neutron Importance: Undecided Status: New ** Patch added: "fix_metering_agent_nat.patch" https://bugs.launchpad.net/bugs/1544508/+attachment/4569216/+files/fix_metering_agent_nat.patch -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1544508 Title: neutron-meter-agent - makes traffic between internal networks NATed Status in neutron: New Bug description: If neutron-meter-agent is installed and enabled, and a meter-label is created, all traffic between internal networks becomes NATed, which is unexpected and potentially causes firewall/routing issues. This happens because meter-agent does not define stateless flag during iptables initialization which later during _modify_rules in agent/linux/iptables_manager.py results in moving the following rules: before: -A POSTROUTING -j neutron-l3-agent-POSTROUTING -A POSTROUTING -j neutron-postrouting-bottom after: -A POSTROUTING -j neutron-postrouting-bottom -A POSTROUTING -j neutron-l3-agent-POSTROUTING The attached patch fixes the issue by setting "state_less=True" for metering agent's iptables_manager. To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1544508/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp