cloudstack-dev mailing list archives

From Abhinandan Prateek <>
Subject RE: domr iptables rules
Date Thu, 10 May 2012 16:05:23 GMT
Why not a set of VMs running the app server, load balanced using the VR?
A VM running db (or probably a set of VMs running db in master-slave conf) with no external
access but only via the app server VMs.
I guess this is what you want?


>-----Original Message-----
>From: Clayton Weise []
>Sent: Thursday, May 10, 2012 9:00 PM
>To: ''
>Subject: RE: domr iptables rules
>It's something I have been toying with.  Basically it's a standard app/db setup
>where the app servers would reside in a dmz and the db servers would sit in a
>trusted network.  We need to limit the traffic going between the app and the
>db servers in advanced networking.  So currently the db and app servers have
>their own separate networks (vlans) and their own virtual routers.  I was
>thinking of different ways to limit the traffic from app to db to be permitted
>on specific ports.
>-----Original Message-----
>From: Anthony Xu []
>Sent: Wednesday, May 09, 2012 4:33 PM
>Subject: RE: domr iptables rules
>It is better to do it through the API. CloudStack already provides several APIs for
>customers to add ACLs for the customer network. What kind of rules do you want to
>add? Can you do it through the current API? Or what kind of API would you like to
>> -----Original Message-----
>> From: Clayton Weise []
>> Sent: Wednesday, May 09, 2012 4:26 PM
>> To: ''
>> Subject: RE: domr iptables rules
>> As a dirty hack would it be possible to create an init script which
>> added these custom rules when the domr boots?
>> -----Original Message-----
>> From: Anthony Xu []
>> Sent: Wednesday, May 09, 2012 12:21 PM
>> To:
>> Subject: RE: domr iptables rules
>> Iptables rules are not persistent inside domr; CloudStack sends commands
>> to domr to generate rules on demand.
>> So if you reboot domr, some rules may not come back. But if you reboot
>> domr through the CloudStack UI, all rules should come back; CloudStack
>> will send commands to program the rules again.
>> Anthony
>> > -----Original Message-----
>> > From: Clayton Weise []
>> > Sent: Wednesday, May 09, 2012 10:09 AM
>> > To: ''
>> > Subject: domr iptables rules
>> >
>> > Where are these kept?  After rebooting a virtual router not all of the
>> > firewall rules came back.  Also, I wanted to manually add a few things
>> > and I was curious where I could do it and have those rules retained
>> > when the domr reboots.
>> >
>> > Thanks
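
One way to see exactly which rules did not come back after a virtual router reboot, the situation that opens this thread, is to compare `iptables-save` output captured before and after. This is an added example, not code from the thread or from CloudStack; the sample dumps, interface names and addresses are constructed.

```python
import re
from collections import defaultdict

COUNTER = re.compile(r"^\[\d+:\d+\]\s+")  # "[packets:bytes]" prefix from iptables-save -c

# Constructed sample: snapshot taken before the reboot (not from a real router).
BEFORE = """\
*filter
:INPUT DROP [12:840]
:FORWARD DROP [0:0]
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
[10:600] -A FORWARD -i eth0 -o eth2 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 10.1.1.0/24 -d 10.1.2.10/32 -p tcp -m tcp --dport 3306 -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth2 -j SNAT --to-source 192.0.2.10
COMMIT
"""
# Constructed sample: after the reboot the hand-added 3306 rule is gone, counters reset.
AFTER = "\n".join(l for l in BEFORE.splitlines() if "3306" not in l).replace("10:600", "0:0")

def parse(dump):
    """Return {table: {"policy": {chain: policy}, "rules": [rule, ...]}}."""
    tables = defaultdict(lambda: {"policy": {}, "rules": []})
    table = None
    for line in map(str.strip, dump.splitlines()):
        if not line or line.startswith("#") or line == "COMMIT":
            continue
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith(":"):
            chain, policy = line[1:].split()[:2]
            tables[table]["policy"][chain] = policy
        else:  # a rule line; counters are dropped so they never cause a false diff
            tables[table]["rules"].append(COUNTER.sub("", line))
    return tables

def diff(before, after):
    """List rules and chain policies that differ between two snapshots."""
    b, a = parse(before), parse(after)
    report = {"missing": [], "added": [], "policy": []}
    for t in sorted(set(b) | set(a)):
        report["missing"] += [(t, r) for r in b[t]["rules"] if r not in a[t]["rules"]]
        report["added"] += [(t, r) for r in a[t]["rules"] if r not in b[t]["rules"]]
        report["policy"] += [(t, c, p, a[t]["policy"].get(c))
                             for c, p in b[t]["policy"].items() if a[t]["policy"].get(c) != p]
    return report

if __name__ == "__main__":
    for table, rule in diff(BEFORE, AFTER)["missing"]:
        print(f"missing after reboot [{table}]: {rule}")
```

On a real router the two inputs would be files saved from `iptables-save` before and after the reboot.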
