We are running OpenNebula 5.8.1 on Ubuntu 18.04 and have the following issue:
- We have created a backend network using 802.1q.
- We have created a FW that connects the backend with the internet (NAT/portforward).
- The FW has the IP spoofing protection removed on the backend interface.
- We have systems on the backend that use the FW to access the internet.
The backend bridge is called onebr0. When a machine queries the internet, the packet traverses the bridge and is NATed, the answer is received, and the FW sends the packet back to the backend machine.
Here comes the problem:
While the packet is sent out of the virtual interface of the FW VM one-XXX-1, it never reaches the bridge (onebr0). I checked whether the packet is dropped by iptables, but do not see any drops, nor do I see the packet traversing the FORWARD chain.
My suspicion is that the packet gets dropped before it is processed by iptables, however I have no idea why.
Any idea what could cause this issue? (Many thanks in advance, I am out of ideas at the moment …)