You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cloudstack.apache.org by Asanka Gunasekara <as...@nimbus.lk> on 2017/11/13 09:25:10 UTC
Unable to access guest VM console from internet, behind irewall
Hi my cloudstac setup is behind a firewall (Nated) I am able to access the
portal by nating 8080 to an public up. and all works fine but but when I
click on a console of a guest VM it is looking for the internal ip (the
range I specified as public while creating the Zone)
What are the ports that I need to nat out or how to fix this
Thanks and best regards
Asanka
Re: Unable to access guest VM console from internet, behind irewall
Posted by Asanka Gunasekara <as...@nimbus.lk>.
Thank you Dag, for the reply
Best Regards
Asanka
On 14 November 2017 at 14:27, Dag Sonstebo <Da...@shapeblue.com>
wrote:
> Hi Asanka – no you’re right – personally I would get everything working
> first internally before making any changes like this (
>
> Regards,
> Dag Sonstebo
> Cloud Architect
> ShapeBlue
>
> On 14/11/2017, 06:04, "Asanka Gunasekara" <as...@nimbus.lk> wrote:
>
> Thank you Dag, I dont suppose you would recommend of doing this change
> while the in-progress of the POC :).
>
> Thank you and best regards
>
> Asanka
>
> On 13 November 2017 at 17:05, Dag Sonstebo <Dag.Sonstebo@shapeblue.com
> >
> wrote:
>
> > Hi Asanka,
> >
> > Yes fully doable – we do this ourselves in our own environment. You
> need
> > to update the global setting for consoleproxy.url.domain.
> >
> > Please note though you may need to review the following old Wiki
> article -
> > https://cwiki.apache.org/confluence/display/CLOUDSTACK/
> Realhost+IP+changes
> > - in short if you update consoleproxy.url.domain from it’s default
> value
> > then CloudStack will use HTTPS – hence you would need to supply your
> own
> > SSL on the NAT’ed address. Please note this setting may also affect
> the
> > SSVM.
> >
> > Wrt port forwarding – CPVM is reached on HTTP/HTTPS depending on the
> > settings above.
> >
> > Regards,
> > Dag Sonstebo
> > Cloud Architect
> > ShapeBlue
> >
> > On 13/11/2017, 11:21, "Asanka Gunasekara" <as...@nimbus.lk> wrote:
> >
> > Just some information, public ip of the proxy VM is
> 172.17.101.230,
> > and the
> > browser is looking for this IP instade of actual nated ip. if I
> can map
> > this to a name I should be able to use that internally and
> externally
> > how
> > can I go about doing this and is this a good idea?
> >
> >
> > Thanks and Best Regards
> >
> > Asanka
> >
> >
> > Dag.Sonstebo@shapeblue.com
> > www.shapeblue.com
> > 53 Chandos Place, Covent Garden, London WC2N 4HSUK
> > @shapeblue
> >
> >
> >
>
> Dag.Sonstebo@shapeblue.com
> www.shapeblue.com
> 53 Chandos Place, Covent Garden, London WC2N 4HSUK
> @shapeblue
>
>
>
> > On 13 November 2017 at 14:55, Asanka Gunasekara <as...@nimbus.lk>
> wrote:
> >
> > > Hi my cloudstac setup is behind a firewall (Nated) I am able to
> > access the
> > > portal by nating 8080 to an public up. and all works fine but
> but
> > when I
> > > click on a console of a guest VM it is looking for the
> internal ip
> > (the
> > > range I specified as public while creating the Zone)
> > >
> > > What are the ports that I need to nat out or how to fix this
> > >
> > > Thanks and best regards
> > >
> > > Asanka
> > >
> >
> >
> >
>
>
>
Re: Unable to access guest VM console from internet,
behind irewall
Posted by Dag Sonstebo <Da...@shapeblue.com>.
Hi Asanka – no you’re right – personally I would get everything working first internally before making any changes like this (
Regards,
Dag Sonstebo
Cloud Architect
ShapeBlue
On 14/11/2017, 06:04, "Asanka Gunasekara" <as...@nimbus.lk> wrote:
Thank you Dag, I dont suppose you would recommend of doing this change
while the in-progress of the POC :).
Thank you and best regards
Asanka
On 13 November 2017 at 17:05, Dag Sonstebo <Da...@shapeblue.com>
wrote:
> Hi Asanka,
>
> Yes fully doable – we do this ourselves in our own environment. You need
> to update the global setting for consoleproxy.url.domain.
>
> Please note though you may need to review the following old Wiki article -
> https://cwiki.apache.org/confluence/display/CLOUDSTACK/Realhost+IP+changes
> - in short if you update consoleproxy.url.domain from it’s default value
> then CloudStack will use HTTPS – hence you would need to supply your own
> SSL on the NAT’ed address. Please note this setting may also affect the
> SSVM.
>
> Wrt port forwarding – CPVM is reached on HTTP/HTTPS depending on the
> settings above.
>
> Regards,
> Dag Sonstebo
> Cloud Architect
> ShapeBlue
>
> On 13/11/2017, 11:21, "Asanka Gunasekara" <as...@nimbus.lk> wrote:
>
> Just some information, public ip of the proxy VM is 172.17.101.230,
> and the
> browser is looking for this IP instade of actual nated ip. if I can map
> this to a name I should be able to use that internally and externally
> how
> can I go about doing this and is this a good idea?
>
>
> Thanks and Best Regards
>
> Asanka
>
>
> Dag.Sonstebo@shapeblue.com
> www.shapeblue.com
> 53 Chandos Place, Covent Garden, London WC2N 4HSUK
> @shapeblue
>
>
>
Dag.Sonstebo@shapeblue.com
www.shapeblue.com
53 Chandos Place, Covent Garden, London WC2N 4HSUK
@shapeblue
> On 13 November 2017 at 14:55, Asanka Gunasekara <as...@nimbus.lk> wrote:
>
> > Hi my cloudstac setup is behind a firewall (Nated) I am able to
> access the
> > portal by nating 8080 to an public up. and all works fine but but
> when I
> > click on a console of a guest VM it is looking for the internal ip
> (the
> > range I specified as public while creating the Zone)
> >
> > What are the ports that I need to nat out or how to fix this
> >
> > Thanks and best regards
> >
> > Asanka
> >
>
>
>
Re: Unable to access guest VM console from internet, behind irewall
Posted by Asanka Gunasekara <as...@nimbus.lk>.
Thank you Dag, I dont suppose you would recommend of doing this change
while the in-progress of the POC :).
Thank you and best regards
Asanka
On 13 November 2017 at 17:05, Dag Sonstebo <Da...@shapeblue.com>
wrote:
> Hi Asanka,
>
> Yes fully doable – we do this ourselves in our own environment. You need
> to update the global setting for consoleproxy.url.domain.
>
> Please note though you may need to review the following old Wiki article -
> https://cwiki.apache.org/confluence/display/CLOUDSTACK/Realhost+IP+changes
> - in short if you update consoleproxy.url.domain from it’s default value
> then CloudStack will use HTTPS – hence you would need to supply your own
> SSL on the NAT’ed address. Please note this setting may also affect the
> SSVM.
>
> Wrt port forwarding – CPVM is reached on HTTP/HTTPS depending on the
> settings above.
>
> Regards,
> Dag Sonstebo
> Cloud Architect
> ShapeBlue
>
> On 13/11/2017, 11:21, "Asanka Gunasekara" <as...@nimbus.lk> wrote:
>
> Just some information, public ip of the proxy VM is 172.17.101.230,
> and the
> browser is looking for this IP instade of actual nated ip. if I can map
> this to a name I should be able to use that internally and externally
> how
> can I go about doing this and is this a good idea?
>
>
> Thanks and Best Regards
>
> Asanka
>
>
> Dag.Sonstebo@shapeblue.com
> www.shapeblue.com
> 53 Chandos Place, Covent Garden, London WC2N 4HSUK
> @shapeblue
>
>
>
> On 13 November 2017 at 14:55, Asanka Gunasekara <as...@nimbus.lk> wrote:
>
> > Hi my cloudstac setup is behind a firewall (Nated) I am able to
> access the
> > portal by nating 8080 to an public up. and all works fine but but
> when I
> > click on a console of a guest VM it is looking for the internal ip
> (the
> > range I specified as public while creating the Zone)
> >
> > What are the ports that I need to nat out or how to fix this
> >
> > Thanks and best regards
> >
> > Asanka
> >
>
>
>
Re: Unable to access guest VM console from internet,
behind irewall
Posted by Dag Sonstebo <Da...@shapeblue.com>.
Hi Asanka,
Yes fully doable – we do this ourselves in our own environment. You need to update the global setting for consoleproxy.url.domain.
Please note though you may need to review the following old Wiki article - https://cwiki.apache.org/confluence/display/CLOUDSTACK/Realhost+IP+changes - in short if you update consoleproxy.url.domain from it’s default value then CloudStack will use HTTPS – hence you would need to supply your own SSL on the NAT’ed address. Please note this setting may also affect the SSVM.
Wrt port forwarding – CPVM is reached on HTTP/HTTPS depending on the settings above.
Regards,
Dag Sonstebo
Cloud Architect
ShapeBlue
On 13/11/2017, 11:21, "Asanka Gunasekara" <as...@nimbus.lk> wrote:
Just some information, public ip of the proxy VM is 172.17.101.230, and the
browser is looking for this IP instade of actual nated ip. if I can map
this to a name I should be able to use that internally and externally how
can I go about doing this and is this a good idea?
Thanks and Best Regards
Asanka
Dag.Sonstebo@shapeblue.com
www.shapeblue.com
53 Chandos Place, Covent Garden, London WC2N 4HSUK
@shapeblue
On 13 November 2017 at 14:55, Asanka Gunasekara <as...@nimbus.lk> wrote:
> Hi my cloudstac setup is behind a firewall (Nated) I am able to access the
> portal by nating 8080 to an public up. and all works fine but but when I
> click on a console of a guest VM it is looking for the internal ip (the
> range I specified as public while creating the Zone)
>
> What are the ports that I need to nat out or how to fix this
>
> Thanks and best regards
>
> Asanka
>
Re: Unable to access guest VM console from internet, behind irewall
Posted by Asanka Gunasekara <as...@nimbus.lk>.
Just some information, public ip of the proxy VM is 172.17.101.230, and the
browser is looking for this IP instade of actual nated ip. if I can map
this to a name I should be able to use that internally and externally how
can I go about doing this and is this a good idea?
Thanks and Best Regards
Asanka
On 13 November 2017 at 14:55, Asanka Gunasekara <as...@nimbus.lk> wrote:
> Hi my cloudstac setup is behind a firewall (Nated) I am able to access the
> portal by nating 8080 to an public up. and all works fine but but when I
> click on a console of a guest VM it is looking for the internal ip (the
> range I specified as public while creating the Zone)
>
> What are the ports that I need to nat out or how to fix this
>
> Thanks and best regards
>
> Asanka
>