diff --git a/contrib/ci/post_test_hook.sh b/contrib/ci/post_test_hook.sh
index f002e76242..9e6ce135bd 100755
--- a/contrib/ci/post_test_hook.sh
+++ b/contrib/ci/post_test_hook.sh
@@ -335,21 +335,6 @@ export OS_USER_DOMAIN_NAME=$ADMIN_DOMAIN_NAME
 source $BASE/new/manila/contrib/ci/common.sh
 manila_wait_for_drivers_init $MANILA_CONF
 
-
-TCP_PORTS=(2049 111 32803 892 875 662)
-UDP_PORTS=(111 32769 892 875 662)
-for ipcmd in iptables ip6tables; do
-    # (aovchinnikov): extra rules are needed to allow instances talk to host.
-    sudo $ipcmd -N manila-nfs
-    sudo $ipcmd -I INPUT 1 -j manila-nfs
-    for port in ${TCP_PORTS[*]}; do
-        sudo $ipcmd -A manila-nfs -m tcp -p tcp --dport $port -j ACCEPT
-    done
-    for port in ${UDP_PORTS[*]}; do
-        sudo $ipcmd -A manila-nfs -m udp -p udp --dport $port -j ACCEPT
-    done
-done
-
 source $BASE/new/devstack/openrc admin admin
 public_net_id=$(openstack network list --name $PUBLIC_NETWORK_NAME -f value -c ID )
 iniset $TEMPEST_CONFIG network public_network_id $public_net_id
diff --git a/contrib/ci/pre_test_hook.sh b/contrib/ci/pre_test_hook.sh
index 3336dd09bf..bc6722fef4 100755
--- a/contrib/ci/pre_test_hook.sh
+++ b/contrib/ci/pre_test_hook.sh
@@ -42,6 +42,8 @@ echo "MANILA_SHARE_BACKEND2_NAME=PARIS" >> $localconf
 
 echo "MANILA_INSTALL_TEMPEST_PLUGIN_SYSTEMWIDE=${MANILA_INSTALL_TEMPEST_PLUGIN_SYSTEMWIDE:=True}" >> $localconf
 
+echo "MANILA_ALLOW_NAS_SERVER_PORTS_ON_HOST=${MANILA_ALLOW_NAS_SERVER_PORTS_ON_HOST:=False}" >> $localconf
+
 # === Handle script arguments ===
 # First argument is expected to be a boolean-like value for DHSS.
 DHSS=$1
diff --git a/devstack/plugin.sh b/devstack/plugin.sh
index e9df6ae600..498d412ee2 100755
--- a/devstack/plugin.sh
+++ b/devstack/plugin.sh
@@ -959,6 +959,24 @@ function install_libraries {
     fi
 }
 
+function allow_host_ports_for_share_mounting {
+
+    TCP_PORTS=(2049 111 32803 892 875 662)
+    UDP_PORTS=(111 32769 892 875 662)
+    for ipcmd in iptables ip6tables; do
+        # (aovchinnikov): extra rules are needed to allow instances talk to
+        # host.
+        sudo $ipcmd -N manila-nfs
+        sudo $ipcmd -I INPUT 1 -j manila-nfs
+        for port in ${TCP_PORTS[*]}; do
+            sudo $ipcmd -A manila-nfs -m tcp -p tcp --dport $port -j ACCEPT
+        done
+        for port in ${UDP_PORTS[*]}; do
+            sudo $ipcmd -A manila-nfs -m udp -p udp --dport $port -j ACCEPT
+        done
+    done
+}
+
 function setup_ipv6 {
 
     # This will fail with multiple default routes and is not needed in CI
@@ -1187,6 +1205,13 @@ elif [[ "$1" == "stack" && "$2" == "test-config" ]]; then
 
     echo_summary "Update Tempest config"
     update_tempest
+
+
+    if [[ "$(trueorfalse False MANILA_ALLOW_NAS_SERVER_PORTS_ON_HOST)" == "True" ]]; then
+        echo_summary "Allowing IPv4 and IPv6 access to NAS ports on the host"
+        allow_host_ports_for_share_mounting
+    fi
+
 fi
 
 if [[ "$1" == "unstack" ]]; then
diff --git a/devstack/settings b/devstack/settings
index d589245d25..a3d61a5845 100644
--- a/devstack/settings
+++ b/devstack/settings
@@ -145,6 +145,11 @@ MANILA_SHARE_BACKEND1_NAME=${MANILA_SHARE_BACKEND1_NAME:-GENERIC1}  # deprecated
 MANILA_BACKEND2_CONFIG_GROUP_NAME=${MANILA_BACKEND2_CONFIG_GROUP_NAME:-generic2}  # deprecated
 MANILA_SHARE_BACKEND2_NAME=${MANILA_SHARE_BACKEND2_NAME:-GENERIC2}  # deprecated
 
+# Enable this option when using a storage backend that is on the same host
+# as the devstack host, these iptable rules are necessary to allow mounting
+# shares from the host
+MANILA_ALLOW_NAS_SERVER_PORTS_ON_HOST=${MANILA_ALLOW_NAS_SERVER_PORTS_ON_HOST:-False}
+
 # Options for configuration of LVM share driver
 SHARE_BACKING_FILE_SIZE=${SHARE_BACKING_FILE_SIZE:-8400M}
 SHARE_GROUP=${SHARE_GROUP:-lvm-shares}
diff --git a/playbooks/legacy/manila-tempest-dsvm-container-scenario-custom-image/run.yaml b/playbooks/legacy/manila-tempest-dsvm-container-scenario-custom-image/run.yaml
index 418576f572..6d6c37d1a6 100644
--- a/playbooks/legacy/manila-tempest-dsvm-container-scenario-custom-image/run.yaml
+++ b/playbooks/legacy/manila-tempest-dsvm-container-scenario-custom-image/run.yaml
@@ -52,6 +52,7 @@
 
           export ENABLED_SERVICES=tempest
           export MANILA_INSTALL_TEMPEST_PLUGIN_SYSTEMWIDE=False
+          export MANILA_ALLOW_NAS_SERVER_PORTS_ON_HOST=True
 
           # Keep localrc to be able to set some vars in pre_test_hook
           export KEEP_LOCALRC=1
diff --git a/playbooks/legacy/manila-tempest-dsvm-postgres-container/run.yaml b/playbooks/legacy/manila-tempest-dsvm-postgres-container/run.yaml
index ca0cc1e2a5..b8f79aee31 100644
--- a/playbooks/legacy/manila-tempest-dsvm-postgres-container/run.yaml
+++ b/playbooks/legacy/manila-tempest-dsvm-postgres-container/run.yaml
@@ -53,6 +53,7 @@
           export KEEP_LOCALRC=1
           export PROJECTS="openstack/manila-tempest-plugin $PROJECTS"
           export MANILA_INSTALL_TEMPEST_PLUGIN_SYSTEMWIDE=False
+          export MANILA_ALLOW_NAS_SERVER_PORTS_ON_HOST=True
 
           function pre_test_hook {
               # 'dhss' - acronym for 'Driver Handles Share Servers',
diff --git a/playbooks/legacy/manila-tempest-dsvm-postgres-zfsonlinux/run.yaml b/playbooks/legacy/manila-tempest-dsvm-postgres-zfsonlinux/run.yaml
index 39c9d03247..fc9aa62457 100644
--- a/playbooks/legacy/manila-tempest-dsvm-postgres-zfsonlinux/run.yaml
+++ b/playbooks/legacy/manila-tempest-dsvm-postgres-zfsonlinux/run.yaml
@@ -53,6 +53,7 @@
           export KEEP_LOCALRC=1
           export PROJECTS="openstack/manila-tempest-plugin $PROJECTS"
           export MANILA_INSTALL_TEMPEST_PLUGIN_SYSTEMWIDE=False
+          export MANILA_ALLOW_NAS_SERVER_PORTS_ON_HOST=True
 
           function pre_test_hook {
               # 'dhss' - acronym for 'Driver Handles Share Servers',
diff --git a/playbooks/legacy/manila-tempest-minimal-dsvm-cephfs-nfs-centos-7/run.yaml b/playbooks/legacy/manila-tempest-minimal-dsvm-cephfs-nfs-centos-7/run.yaml
index 9e7f3c7547..9d463c5f4a 100644
--- a/playbooks/legacy/manila-tempest-minimal-dsvm-cephfs-nfs-centos-7/run.yaml
+++ b/playbooks/legacy/manila-tempest-minimal-dsvm-cephfs-nfs-centos-7/run.yaml
@@ -103,6 +103,7 @@
           export KEEP_LOCALRC=1
           export PROJECTS="openstack/manila-tempest-plugin $PROJECTS"
           export MANILA_INSTALL_TEMPEST_PLUGIN_SYSTEMWIDE=False
+          export MANILA_ALLOW_NAS_SERVER_PORTS_ON_HOST=True
           OVERRIDE_ENABLED_SERVICES=key,mysql,rabbit,tempest
           export OVERRIDE_ENABLED_SERVICES
 
diff --git a/playbooks/legacy/manila-tempest-minimal-dsvm-cephfs-nfs/run.yaml b/playbooks/legacy/manila-tempest-minimal-dsvm-cephfs-nfs/run.yaml
index 38e6575cf5..f47a4c04c1 100644
--- a/playbooks/legacy/manila-tempest-minimal-dsvm-cephfs-nfs/run.yaml
+++ b/playbooks/legacy/manila-tempest-minimal-dsvm-cephfs-nfs/run.yaml
@@ -66,6 +66,7 @@
           export PROJECTS="openstack/devstack-plugin-ceph $PROJECTS"
           export DEVSTACK_PROJECT_FROM_GIT="python-manilaclient"
           export MANILA_INSTALL_TEMPEST_PLUGIN_SYSTEMWIDE=False
+          export MANILA_ALLOW_NAS_SERVER_PORTS_ON_HOST=True
 
           export KEEP_LOCALRC=1
           export PROJECTS="openstack/manila-tempest-plugin $PROJECTS"
diff --git a/playbooks/legacy/manila-tempest-minimal-dsvm-lvm-centos-7/run.yaml b/playbooks/legacy/manila-tempest-minimal-dsvm-lvm-centos-7/run.yaml
index e2c73500ad..2d8a4307f1 100644
--- a/playbooks/legacy/manila-tempest-minimal-dsvm-lvm-centos-7/run.yaml
+++ b/playbooks/legacy/manila-tempest-minimal-dsvm-lvm-centos-7/run.yaml
@@ -84,6 +84,7 @@
           export MANILA_SETUP_IPV6=True
           export RUN_MANILA_IPV6_TESTS=True
           export MANILA_INSTALL_TEMPEST_PLUGIN_SYSTEMWIDE=False
+          export MANILA_ALLOW_NAS_SERVER_PORTS_ON_HOST=True
 
           # Basic services needed for minimal job
           OVERRIDE_ENABLED_SERVICES=key,mysql,rabbit,tempest