You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cloudstack.apache.org by Felipe Arturo Polanco <fe...@gmail.com> on 2017/01/07 01:25:07 UTC
Static Nat how to
Hi,
Can anyone provide me a link to how to adjust the firewall with static Nat
of a virtual router?
My VMs can get access to the Internet via the virtual router but when I
assign a public IP via static Nat nothing happens, looks like the firewall
is not allowing outside communication.
I put some rules on the static IP like icmp 8,0 or tcp port 22 but no
response.
I'm using the default isolated network offering with nat.
Any guest?
Re: Static Nat how to
Posted by Makrand <ma...@gmail.com>.
Hi Felipe,
Very Strange.
1) I assume the communication on the private IP is fine between VR and VMs?
2) What's version of ACS and hyper-visor?
Just a small suggestion: VRs are bit strange creatures in ACS
world.....just try to do clean network restart so it will create a brand
new VR. Rebooting this way have solved few network related issues for me in
past.
--
Makrand
On Mon, Jan 9, 2017 at 12:08 AM, Felipe Arturo Polanco <
felipeapolanco@gmail.com> wrote:
> Hi Makrand,
>
> Thanks for the information.
>
> I have acquired and assigned the public IP to the VM and with tcpdump I can
> see the packets coming into the public interface but they never get out via
> the private interface in the Virtual Router.
>
> When I do a whatsmyip query on the VM I see it still uses the VR Public IP
> for getting Public access.
>
> I double checked the iptables rules and I can see the Static NAT rules
> being present in the chains for the acquired IP so it still a mystery why
> the packets are not going out to the private NIC and the VM traffic still
> uses the Source NAT instead of Static NAT for egress communication.
>
> My egress rules for the network are allow ALL in 0.0.0.0/0
>
> On Sun, Jan 8, 2017 at 12:44 PM, Makrand <ma...@gmail.com> wrote:
>
> > Hi Felipe,
> >
> > Have a look at below screenshot which will help you to navigate to
> firewall
> > menu for static NAT:-
> >
> > https://snag.gy/u2goXN.jpg
> >
> > 1) Once you acquire a new public IP (static NAT) you need to hook it to
> VM
> > behind that network.
> >
> > 2) If you think you've set everything right (as like above) and if things
> > still aren't working, then run tcpdump on VR interface (eth2 mostly)
> where
> > your public IP is hooked. See you're getting any packets at all on that
> > public IP from your source IP for desired ports. If not, then you need
> to
> > configure ports properly at physical firewall for public IP.
> >
> > --
> > Makrand
> >
> >
> > On Sat, Jan 7, 2017 at 6:55 AM, Felipe Arturo Polanco <
> > felipeapolanco@gmail.com> wrote:
> >
> > > Hi,
> > >
> > > Can anyone provide me a link to how to adjust the firewall with static
> > Nat
> > > of a virtual router?
> > >
> > > My VMs can get access to the Internet via the virtual router but when I
> > > assign a public IP via static Nat nothing happens, looks like the
> > firewall
> > > is not allowing outside communication.
> > >
> > > I put some rules on the static IP like icmp 8,0 or tcp port 22 but no
> > > response.
> > >
> > > I'm using the default isolated network offering with nat.
> > >
> > > Any guest?
> > >
> >
>
Re: Static Nat how to
Posted by Felipe Arturo Polanco <fe...@gmail.com>.
Hi Makrand,
Thanks for the information.
I have acquired and assigned the public IP to the VM and with tcpdump I can
see the packets coming into the public interface but they never get out via
the private interface in the Virtual Router.
When I do a whatsmyip query on the VM I see it still uses the VR Public IP
for getting Public access.
I double checked the iptables rules and I can see the Static NAT rules
being present in the chains for the acquired IP so it still a mystery why
the packets are not going out to the private NIC and the VM traffic still
uses the Source NAT instead of Static NAT for egress communication.
My egress rules for the network are allow ALL in 0.0.0.0/0
On Sun, Jan 8, 2017 at 12:44 PM, Makrand <ma...@gmail.com> wrote:
> Hi Felipe,
>
> Have a look at below screenshot which will help you to navigate to firewall
> menu for static NAT:-
>
> https://snag.gy/u2goXN.jpg
>
> 1) Once you acquire a new public IP (static NAT) you need to hook it to VM
> behind that network.
>
> 2) If you think you've set everything right (as like above) and if things
> still aren't working, then run tcpdump on VR interface (eth2 mostly) where
> your public IP is hooked. See you're getting any packets at all on that
> public IP from your source IP for desired ports. If not, then you need to
> configure ports properly at physical firewall for public IP.
>
> --
> Makrand
>
>
> On Sat, Jan 7, 2017 at 6:55 AM, Felipe Arturo Polanco <
> felipeapolanco@gmail.com> wrote:
>
> > Hi,
> >
> > Can anyone provide me a link to how to adjust the firewall with static
> Nat
> > of a virtual router?
> >
> > My VMs can get access to the Internet via the virtual router but when I
> > assign a public IP via static Nat nothing happens, looks like the
> firewall
> > is not allowing outside communication.
> >
> > I put some rules on the static IP like icmp 8,0 or tcp port 22 but no
> > response.
> >
> > I'm using the default isolated network offering with nat.
> >
> > Any guest?
> >
>
Re: Static Nat how to
Posted by Makrand <ma...@gmail.com>.
Hi Felipe,
Have a look at below screenshot which will help you to navigate to firewall
menu for static NAT:-
https://snag.gy/u2goXN.jpg
1) Once you acquire a new public IP (static NAT) you need to hook it to VM
behind that network.
2) If you think you've set everything right (as like above) and if things
still aren't working, then run tcpdump on VR interface (eth2 mostly) where
your public IP is hooked. See you're getting any packets at all on that
public IP from your source IP for desired ports. If not, then you need to
configure ports properly at physical firewall for public IP.
--
Makrand
On Sat, Jan 7, 2017 at 6:55 AM, Felipe Arturo Polanco <
felipeapolanco@gmail.com> wrote:
> Hi,
>
> Can anyone provide me a link to how to adjust the firewall with static Nat
> of a virtual router?
>
> My VMs can get access to the Internet via the virtual router but when I
> assign a public IP via static Nat nothing happens, looks like the firewall
> is not allowing outside communication.
>
> I put some rules on the static IP like icmp 8,0 or tcp port 22 but no
> response.
>
> I'm using the default isolated network offering with nat.
>
> Any guest?
>