Unable to pass traffic through firewall appliance instance

Solution Verified - Updated

Environment

  • Red Hat Enterprise Linux OpenStack Platform 7.x
  • Configured using Neutron networking and the ML2 plugin.

Issue

Cannot pass traffic through a third-party virtual firewall that is set up as an OpenStack instance.

  • The firewall instance can successfully ping the internet.
  • The firewall instance is set up as the gateway of the private network, and the gateway is pingable.
  • When an instance on the private network tries to reach the internet, the traffic goes out through the third-party virtual firewall but does not return to the private-network instance.

Resolution

ML2 port security was blocking the traffic forwarded through the third-party firewall: port security drops packets whose source address does not belong to the port, which is exactly what a firewall instance that routes other instances' traffic sends.

On all nodes, add the port_security extension driver to /etc/neutron/plugins/ml2/ml2_conf.ini:

extension_drivers = port_security

Then restart the service:

$ systemctl restart neutron-server

Disable security groups and port security on the Neutron ports of the third-party virtual firewall:

$ neutron port-update <PORT UUID> --no-security-groups --port_security_enabled=False

Traffic now passes through.
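A small shell helper that checks the ml2_conf.ini setting from the resolution and applies the same port-update to every port of the firewall instance; this is an added example, not part of the Red Hat solution. It assumes the neutron CLI with its `-f value -c id` output options and a `--device-id` list filter, OS_* credentials already exported, and the firewall instance UUID passed as the first argument.

```shell
#!/bin/sh
# Added example (not from the Red Hat solution). Assumes the neutron CLI and
# OS_* credentials; ML2_CONF may be overridden for testing.
ML2_CONF="${ML2_CONF:-/etc/neutron/plugins/ml2/ml2_conf.ini}"

# Return 0 when the [ml2] section of the given file lists port_security in
# extension_drivers, 1 otherwise. Only the [ml2] section counts; the same key
# in another section such as [ml2_type_vxlan] is ignored.
ml2_has_port_security() {
  awk -F= '
    /^[ \t]*\[/ { in_ml2 = ($0 ~ /^[ \t]*\[ml2\][ \t]*$/) }
    in_ml2 && $1 ~ /^[ \t]*extension_drivers[ \t]*$/ {
      gsub(/[ \t]/, "", $2)
      n = split($2, drv, ",")
      for (i = 1; i <= n; i++) if (drv[i] == "port_security") found = 1
    }
    END { exit found ? 0 : 1 }
  ' "$1"
}

# Build the exact port-update command from the resolution for one port UUID.
port_security_off_cmd() {
  printf 'neutron port-update %s --no-security-groups --port_security_enabled=False\n' "$1"
}

# Disable security groups and port security on every port attached to the
# firewall instance ($1 = instance UUID). With DRY_RUN=1 the commands are
# only printed, so the change can be reviewed before it is applied.
disable_firewall_port_security() {
  neutron port-list --device-id "$1" -f value -c id | while read -r port; do
    cmd=$(port_security_off_cmd "$port")
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$cmd"; else eval "$cmd"; fi
  done
}

if [ -n "$1" ]; then
  if ml2_has_port_security "$ML2_CONF"; then
    echo "port_security extension driver is enabled in $ML2_CONF"
  else
    echo "port_security is missing from extension_drivers in $ML2_CONF" >&2
    exit 1
  fi
  disable_firewall_port_security "$1"
fi
```

Run it with DRY_RUN=1 first to see which ports would be changed; the check on ml2_conf.ini must be repeated on every node that carries the file.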

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.