cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From COCHE Sébastien <SCO...@sigma.fr>
Subject RE: routing and firewalling without NAT...
Date Fri, 20 Dec 2013 16:26:55 GMT
Thanks' for your feedback.
I already did this config (with an external firewall), but I would like to configure firewall
through CS.
Actually, only Juniper SRX firewall can be managed through CS. I think, it could be great
to have this feature on CS vRouter.
Also, I do not understand why CloudStack's project did not used open source network appliance
(like Pfsense or Monowall) who already propose a lot of features.

Regards,

Sebastien
-----Message d'origine-----
De : Erdősi Péter [mailto:fazy@niif.hu] 
Envoyé : vendredi 20 décembre 2013 16:12
À : users@cloudstack.apache.org
Objet : Re: routing and firewalling without NAT...

Hi,

Actually, I use a shared guest network for that.
The subnet is routed by a simple debian, and the CS IPAM stuff gives single public ip's for
VM-s.
Of course, You don't have firewall capabilities in the GUI, but with public IP, the firewalling
should be done by the user inside the VM.

This kind of network require 1 vrouter, which will do dhcp (plus the machine, which actually
do routing, but it's independent from CS and you can also use branded router), so no sys-vm
started for every subnet.
If I know well, you can limit the number of allocatable IP-s /user / domain etc.

Regards,
  Peter

2013.12.20. 15:58 keltezéssel, COCHE Sébastien írta:
> Hi all,
>
>   
>
> I would like to deploy Cloudstack  instances behind a vrouter configured with routing
and firewalling services. I don't want NAT feature on vRouter. Some application do not support
NAT and management is less simple. It seems that, actually, this configuration is not possible.
Am I right ? If yes is, this feature, present in the cloudstack's roadmap ?
>
>   
>
> Thank
>
>   
>
> Best regards
>
>   
>
> Sébastien Coché
>
>   
>
>

Mime
View raw message