Posted to users@cloudstack.apache.org by "Murugappan, Vairavan" <vm...@miners.utep.edu> on 2013/10/24 03:34:03 UTC

SSH Access to Guest VM without Public IP 4.1

Hi,
Is there a way to provide SSH into the guest VM in basic networking mode, where there are no public IPs available on the guest OS? If so, how?

If not, is there a way to attach a script or a hook when a guest VM is started, stopped or destroyed,
so that I can set up some sort of port forwarding on the management server's public IP or any other separate server (login server) with a public IP?
Say for VM 1 I assign port 50001 and forward all traffic to the mgmt server's port 50001 to the internal private IP of the guest VM's port 22.
And remove the forwarding when the VM is stopped.

Regards,
Vairavan M.

Re: SSH Access to Guest VM without Public IP 4.1

Posted by Shanker Balan <sh...@shapeblue.com>.
On 24-Oct-2013, at 10:10 pm, Murugappan, Vairavan <vm...@miners.utep.edu> wrote:

> Hi Shanker,

> Yes, all my VMs have a private IP (10.10.*.*) assigned to them and these are
> accessible within my cloud, that is, only if I am inside my cloud's network.

If you need one-to-many NAT, you have to use advanced networking. In an
advanced network, a virtual router is used to provide port forwarding and NAT services.

If you want to continue to use a basic network, then an external firewall can be used to
do the NAT services between your limited public IPs and the VMs.


> I can ssh into the VMs from the host or management server but not from
> outside this network.

Unless you have special routes in place, firewalls and routers won't
route RFC 1918 private subnets.

It's a feature. :)


>
> I don't have a lot of public IPs available, so I don't have the option to
> provide public IPs to every VM. But I still somehow want to provide ssh
> access to the VMs.

Either use an advanced network or use an external firewall's NAT services.

>
> Say I have only 1 public IP and I am using it for the management node. So from
> the internet (outside world) only this IP is visible.
> Therefore I need to somehow make use of this to provide ssh access to my
> other VMs.
> So I would do something like the following on the management server,
>
> On management server,
>
> * set a forwarding rule in my iptables to forward all incoming traffic to
> the port 50001 to vm1-internal-ip:22, 50002 to vm2-internal-ip:22 and so
> on.
> * So I need an event hook to create this port forwarding when a VM is started
> and assign a unique port and remove it when it is stopped.
>

That does not sound very “cloudy” to me but you can certainly do these
kinds of things. Would be a big PITA to maintain the routing and mapping table though.

My suggestion would be to redesign your cloud to use an advanced network and
sparingly allocate public IPs with a one to many NAT service.


Regards.
@shankerbalan




--
@shankerbalan

M: +91 98860 60539 | O: +91 (80) 67935867
shanker.balan@shapeblue.com | www.shapeblue.com | Twitter:@shapeblue
ShapeBlue Services India LLP, 22nd floor, Unit 2201A, World Trade Centre, Bangalore - 560 055
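
The per-VM forwarding scheme discussed in this message (port 50001 to vm1-internal-ip:22, 50002 to vm2-internal-ip:22, removed on stop) and the mapping table it needs, as an added example that is not from either poster or from CloudStack. The function names, `MAP_FILE`, the 50001-50100 range and the 10.0.0.0/8 check are assumptions, as is a start/stop hook that passes the guest IP.

```shell
# Hypothetical helper names; rules are printed for review, never applied here.
MAP_FILE="${MAP_FILE:-$(mktemp)}"    # state: one "port guest_ip" pair per line
BASE_PORT=50001 MAX_PORT=50100       # assumed forward range

# The IP ends up in a root-run command: accept only a strict 10.x.x.x quad,
# with no other characters and no empty or zero-padded octets.
valid_guest_ip() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.|0[0-9]*|*.0[0-9]*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] && [ "$1" -eq 10 ] || return 1
    for octet in "$2" "$3" "$4"; do [ "$octet" -le 255 ] || return 1; done
}

# Print the VM's port, allocating the lowest free one on first start.
allocate_port() {
    valid_guest_ip "$1" || return 1
    port=$(awk -v ip="$1" '$2 == ip { print $1 }' "$MAP_FILE")
    if [ -z "$port" ]; then
        port=$BASE_PORT
        while grep -q "^$port " "$MAP_FILE"; do port=$((port + 1)); done
        [ "$port" -le "$MAX_PORT" ] || return 1
        echo "$port $1" >> "$MAP_FILE"
    fi
    echo "$port"
}

# Emit rules for a start (-A) or stop (-D) event.
forward_rules() {
    echo "iptables -t nat $1 PREROUTING -p tcp --dport $2 -j DNAT --to-destination $3:22"
    echo "iptables $1 FORWARD -p tcp -d $3 --dport 22 -j ACCEPT"
}

on_vm_start() {
    p=$(allocate_port "$1") || return 1
    forward_rules -A "$p" "$1"
}
on_vm_stop() {
    p=$(awk -v ip="$1" '$2 == ip { print $1 }' "$MAP_FILE")
    [ -n "$p" ] || return 0          # unknown VM: nothing to remove
    forward_rules -D "$p" "$1"
    grep -v "^$p " "$MAP_FILE" > "$MAP_FILE.tmp" || true
    mv "$MAP_FILE.tmp" "$MAP_FILE"
}

# Constructed guest addresses: two starts, then one stop.
on_vm_start 10.10.0.5
on_vm_start 10.10.0.6
on_vm_stop 10.10.0.5
```

Because `iptables -D` deletes by exact rule match, the stop rules mirror the start rules argument for argument; a port freed on stop is the first one handed out again.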


Re: SSH Access to Guest VM without Public IP 4.1

Posted by "Murugappan, Vairavan" <vm...@miners.utep.edu>.
Hi Shanker,
Yes, all my VMs have a private IP (10.10.*.*) assigned to them and these are
accessible within my cloud, that is, only if I am inside my cloud's network.
I can ssh into the VMs from the host or management server but not from
outside this network.

I don't have a lot of public IPs available, so I don't have the option to
provide public IPs to every VM. But I still somehow want to provide ssh
access to the VMs.

Say I have only 1 public IP and I am using it for the management node. So from
the internet (outside world) only this IP is visible.
Therefore I need to somehow make use of this to provide ssh access to my
other VMs.
So I would do something like the following on the management server,

On management server,

* set a forwarding rule in my iptables to forward all incoming traffic to
the port 50001 to vm1-internal-ip:22, 50002 to vm2-internal-ip:22 and so
on.
* So I need an event hook to create this port forwarding when a VM is started
and assign a unique port and remove it when it is stopped.

Regards,
Vairavan M.



Re: SSH Access to Guest VM without Public IP 4.1

Posted by Shanker Balan <sh...@shapeblue.com>.
On 24-Oct-2013, at 7:04 am, Murugappan, Vairavan <vm...@miners.utep.edu> wrote:

> Hi,
> Is there a way to provide SSH into the guest VM in basic networking mode, where there are no public IPs available on the guest OS? If so, how?

In a basic network, each VM is assigned an IP directly from the network. Make sure
these IPs are from a routable subnet.

>
> If not, is there a way to attach a script or a hook when a guest VM is started, stopped or destroyed?

Create an OS template with the required hooks for start/stop action. The VM however
would not know that it's being destroyed. For destroy actions, you would need to hook
into the CloudStack event framework.


> So that I can set up some sort of port forwarding on the management server's public IP or any other separate server (login server) with a public IP.

I am not sure what exactly you are trying to do here. Can you explain more?

> Say for VM 1 I assign port 50001 and forward all traffic to the mgmt server's port 50001 to the internal private IP of the guest VM's port 22.

Why do you require a management server port in the first place?


> And remove the forwarding when the VM is stopped.


Maybe others can respond to your query better. :)


--
@shankerbalan
