cloudstack-users mailing list archives

From "WXR" <474745...@qq.com>
Subject Re: How to create a network offering without firewall?
Date Thu, 27 Jun 2013 10:01:45 GMT
I have added an egress rule like this:
Source CIDR    Protocol    Start Port    End Port 
0.0.0.0/0         All            All                All

The vrouter vm can also access the Internet.
But the instance vm is still able to access the vrouter gateway ip and the Internet.




------------------ Original ------------------
From:  "Murali Reddy"<Murali.Reddy@citrix.com>;
Date:  Thu, Jun 27, 2013 05:21 PM
To:  "users@cloudstack.apache.org"<users@cloudstack.apache.org>; 

Subject:  Re: How to create a network offering without firewall?




Yes, egress firewall default action is 'BLOCK'. Here is a nice blog from
Radhika
http://writersopendiary.wordpress.com/2013/05/27/egress-firewall-rules-in-apache-cloudstack/

On 27/06/13 2:21 PM, "WXR" <474745079@qq.com> wrote:

>By the way, when I select the default guestnetworkwithsourceNAT and
>create an instance, the VM cannot access the Internet. Is this a
>default setting? How can I let the VM access the Internet?
>
>
>
>
>------------------ Original ------------------
>From:  "Murali Reddy"<Murali.Reddy@citrix.com>;
>Date:  Thu, Jun 27, 2013 04:46 PM
>To:  "users@cloudstack.apache.org"<users@cloudstack.apache.org>;
>
>Subject:  Re: How to create a network offering without firewall?
>
>
>
>
>Also, by default all the ports that will be used by edge services are
>blocked by the iptables config in the router VM templates. They need to be
>opened explicitly with firewall rules.
>
>On 27/06/13 2:08 PM, "Jayapal Reddy Uradi" <jayapalreddy.uradi@citrix.com>
>wrote:
>
>>Without a firewall provider you can't have sourceNAT and static NAT
>>services because these services are provided by the firewall provider only.
>>
>>Thanks,
>>Jayapal
>>
>>On 27-Jun-2013, at 1:35 PM, WXR <474745079@qq.com>
>> wrote:
>>
>>> If I create a new network offering and check
>>>dns, dhcp, userdata, sourceNAT, staticNAT, and do not check the firewall service,
>>>the firewall will be added into it automatically.
>>> I don't need the firewall service. How can I create a network offering
>>>without firewall?
>>
>>
>
>