Allow sampling NAT translation in Neutron
Issue
- It would be an extremely useful feature to be able to sample and log NAT/PAT translations used by virtual routers in Neutron.
- A couple of days ago we had an attack against one of the IP addresses that belong to a virtual router inside a tenant in our production OpenStack deployment. It was very hard to track down the actual virtual machine being attacked as the virtual router is performing NAT/PAT, hiding the actual private IP address of the victim.
- It would have helped considerably if Neutron could keep a history of NAT/PAT translations as well as current ones.
Environment
- Red Hat Open Stack