From 0aa1ce62e59409d3c2c5306993e2f7370285adf7 Mon Sep 17 00:00:00 2001 From: Kevin Carter Date: Thu, 29 Sep 2016 16:40:52 -0500 Subject: [PATCH] Checksum all traffic traveling though the bridges In some cases when running an AIO a user may want to run test workloads from within a VM though some of those workloads may fail due to networking problems caused by invalid checksums. This change simply changes the checksum rules from only port 22 to all ports on a provided interface. Closes-Bug: #1619730 Change-Id: I04479ff4fc58c51f369876ba5254bdab7b75fc03 Signed-off-by: Kevin Carter --- tests/roles/bootstrap-host/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/roles/bootstrap-host/defaults/main.yml b/tests/roles/bootstrap-host/defaults/main.yml index 97f449528a..37c7ef275b 100644 --- a/tests/roles/bootstrap-host/defaults/main.yml +++ b/tests/roles/bootstrap-host/defaults/main.yml @@ -125,8 +125,8 @@ bridge_vlan_state_change_scripts: | post-down ip link del br-vlan-veth || true bridge_iptables_rules: | # To ensure ssh checksum is correct - up /sbin/iptables -A POSTROUTING -t mangle -p tcp --dport 22 -j CHECKSUM --checksum-fill - down /sbin/iptables -D POSTROUTING -t mangle -p tcp --dport 22 -j CHECKSUM --checksum-fill + up /sbin/iptables -A POSTROUTING -t mangle -p tcp -o {{ public_interface }} -j CHECKSUM --checksum-fill + down /sbin/iptables -D POSTROUTING -t mangle -p tcp -o {{ public_interface }} -j CHECKSUM --checksum-fill # To provide internet connectivity to instances up /sbin/iptables -t nat -A POSTROUTING -o {{ public_interface }} -j MASQUERADE down /sbin/iptables -t nat -D POSTROUTING -o {{ public_interface }} -j MASQUERADE