# 删除链
-
[root@xianghui-10-9-1-141 ~]# neutron router-create router1
-
+--------------------------------------+---------+-----------------------+
-
| id | name | external_gateway_info |
-
+--------------------------------------+---------+-----------------------+
-
|c36b384e-b1f5-45e5-bb4f-c3ed32885142 | router1 | null |
-
+--------------------------------------+---------+-----------------------+
-
[root@xianghui-10-9-1-141 ~]# vi /etc/neutron/l3_agent.ini
-
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
-
# OS is RHEL6.4, not support namespace
-
use_namespaces = False
-
# This is done by setting the specific router_id.
-
router_id = c36b384e-b1f5-45e5-bb4f-c3ed32885142
-
# Name of bridge used for external network traffic. This should be set to
-
# empty value for the linux bridge
-
external_network_bridge = br-eth1
-
[root@xianghui-10-9-1-141 ~]# service neutron-l3-agent restart
-
[root@xianghui-10-9-1-141 ~]# iptables -t nat -Aneutron-l3-agent-float-snat -s 70.0.0.6/32-j SNAT --to-source 192.168.12.100
-
[root@xianghui-10-9-1-141 ~]# iptables -t nat -Aneutron-l3-agent-PREROUTING -d 192.168.12.100/32-j DNAT --to-destination 70.0.0.6
-
[root@xianghui-10-9-1-141 ~]# ssh ec2-user@70.0.0.11
-
[ec2-user@wordpress-test-wikidatabase-jevfsmkbakch ~]$ ping 192.168.12.100
-
PING 192.168.12.100 (192.168.12.100) 56(84) bytes of data.
-
64 bytes from 70.0.0.6: icmp_req=1 ttl=64 time=3.09 ms
-
64 bytes from 70.0.0.6: icmp_req=2 ttl=64 time=0.281 ms
-
64 bytes from 70.0.0.6: icmp_req=3 ttl=64 time=0.151 ms
-
[root@xianghui-10-9-1-141 ~]# iptables -t nat -A POSTROUTING -j neutron-l3-agent-float-snat
-
[ec2-user@wordpress-test-wikidatabase-jevfsmkbakch ~]$ ping 192.168.12.100
-
PING 192.168.12.100 (192.168.12.100) 56(84) bytes of data.
-
64 bytes from 192.168.12.100: icmp_req=1 ttl=63 time=2.47 ms
-
64 bytes from 192.168.12.100: icmp_req=2 ttl=63 time=0.199 ms
-
64 bytes from 192.168.12.100: icmp_req=3 ttl=63 time=0.251 ms
-
# ping 192.168.12.100(70.0.0.6) from 70.0.0.11
-
# s:70.0.0.11 d:70.0.0.6
-
# prerouting -> forward -> postrouting
-
[root@xianghui-10-9-1-141 ~]# iptables -A neutron-l3-agent-FORWARD -d 70.0.0.11/32 -j ACCEPT
-
[root@xianghui-10-9-1-141 ~]# iptables -A neutron-l3-agent-FORWARD -d 70.0.0.6/32 -j ACCEPT
-
[root@xianghui-10-9-1-141 ~]# iptables -t nat -A neutron-l3-agent-PREROUTING -d 192.168.12.100/32 -j DNAT --to-destination 70.0.0.6
-
-A OUTPUT -j neutron-l3-agent-OUTPUT
-
[root@xianghui-10-9-1-141 ~]# iptables -A neutron-l3-agent-OUTPUT -d 192.168.12.100/32 -j DNAT --to-destination 70.0.0.6