Posted to users@cloudstack.apache.org by COCHE Sébastien <SC...@sigma.fr> on 2013/12/20 15:58:25 UTC
routing and firewalling without NAT...
Hi all,
I would like to deploy CloudStack instances behind a vRouter configured with routing and firewalling services. I don't want the NAT feature on the vRouter. Some applications do not support NAT, and management is less simple. It seems that, actually, this configuration is not possible. Am I right? If yes, is this feature present in CloudStack's roadmap?
Thanks
Best regards
Sébastien Coché
RE: routing and firewalling without NAT...
Posted by COCHE Sébastien <SC...@sigma.fr>.
Thanks for your feedback.
I already did this config (with an external firewall), but I would like to configure the firewall through CS.
Actually, only the Juniper SRX firewall can be managed through CS. I think it could be great to have this feature on the CS vRouter.
Also, I do not understand why the CloudStack project did not use an open source network appliance (like pfSense or m0n0wall), which already offers a lot of features.
Regards,
Sebastien
Re: routing and firewalling without NAT...
Posted by Erdősi Péter <fa...@niif.hu>.
Hi,
Actually, I use a shared guest network for that.
The subnet is routed by a simple Debian, and the CS IPAM stuff gives
single public IPs for VMs.
Of course, you don't have firewall capabilities in the GUI, but with
a public IP, the firewalling should be done by the user inside the VM.
This kind of network requires 1 vRouter, which will do DHCP (plus the
machine which actually does the routing, but it's independent from CS and you
can also use a branded router), so no sys-VM is started for every subnet.
If I know well, you can limit the number of allocatable IPs / user /
domain etc.
Regards,
Peter