https://blueprints.launchpad.net/neutron/+spec/l3-ext-gw-modes https://wiki.openstack.org/wiki/L3-ext-gw-modes-spec
Failed my verification on RHOS 4.0. I had an instance connected to a router. The instance was able to ping google.com. I used tcpdump on the hypervisor and saw that the source IP for the packets as they were leaving the hypervisor was the IP that the virtual router was allocated. I then cleared the gateway, and the pings were failing. I then ran: router-gateway-set --disable-snat r1 public And the pings were succeeding, and the source IP was (again) the source IP of the virtual router. The expected result was that the pings were supposed to fail, as the ICMP request was supposed to leave the hypervisor with a source IP of the instance itself, as the NAT was not supposed to take place (But was).
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHEA-2013-1859.html
Reopening. I don't know why the bug was closed as the last message (By me) states that the bug failed verification.