Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- [root@queenvm1 ~(keystone_admin)]# iptables -t nat -S
- -P PREROUTING ACCEPT
- -P INPUT ACCEPT
- -P OUTPUT ACCEPT
- -P POSTROUTING ACCEPT
- -N neutron-l3-agent-OUTPUT
- -N neutron-l3-agent-POSTROUTING
- -N neutron-l3-agent-PREROUTING
- -N neutron-l3-agent-float-snat
- -N neutron-l3-agent-snat
- -N neutron-postrouting-bottom
- -A PREROUTING -j neutron-l3-agent-PREROUTING
- -A OUTPUT -j neutron-l3-agent-OUTPUT
- -A POSTROUTING -j neutron-l3-agent-POSTROUTING
- -A POSTROUTING -j neutron-postrouting-bottom
- -A neutron-l3-agent-OUTPUT -d 172.30.70.74/32 -j DNAT --to-destination 10.10.10.5
- -A neutron-l3-agent-OUTPUT -d 172.30.70.75/32 -j DNAT --to-destination 10.10.10.4
- -A neutron-l3-agent-OUTPUT -d 172.30.70.76/32 -j DNAT --to-destination 10.10.10.9
- -A neutron-l3-agent-POSTROUTING ! -i qg-abda25e2-e7 ! -o qg-abda25e2-e7 -m conntrack ! --ctstate DNAT -j ACCEPT
- -A neutron-l3-agent-PREROUTING -d 169.254.169.254/32 -i qr-+ -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 9697
- -A neutron-l3-agent-PREROUTING -d 172.30.70.74/32 -j DNAT --to-destination 10.10.10.5
- -A neutron-l3-agent-PREROUTING -d 172.30.70.75/32 -j DNAT --to-destination 10.10.10.4
- -A neutron-l3-agent-PREROUTING -d 172.30.70.76/32 -j DNAT --to-destination 10.10.10.9
- -A neutron-l3-agent-float-snat -s 10.10.10.5/32 -j SNAT --to-source 172.30.70.74
- -A neutron-l3-agent-float-snat -s 10.10.10.4/32 -j SNAT --to-source 172.30.70.75
- -A neutron-l3-agent-float-snat -s 10.10.10.9/32 -j SNAT --to-source 172.30.70.76
- -A neutron-l3-agent-snat -j neutron-l3-agent-float-snat
- -A neutron-l3-agent-snat -o qg-abda25e2-e7 -j SNAT --to-source 172.30.70.17
- -A neutron-l3-agent-snat -m mark ! --mark 0x2/0xffff -m conntrack --ctstate DNAT -j SNAT --to-source 172.30.70.17
- -A neutron-postrouting-bottom -m comment --comment "Perform source NAT on outgoing traffic." -j neutron-l3-agent-snat
Add Comment
Please, Sign In to add comment
