cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From COCHE Sébastien <>
Subject RE: routing and firewalling without NAT...
Date Fri, 20 Dec 2013 16:26:55 GMT
Thanks' for your feedback.
I already did this config (with an external firewall), but I would like to configure firewall
through CS.
Actually, only Juniper SRX firewall can be managed through CS. I think, it could be great
to have this feature on CS vRouter.
Also, I do not understand why CloudStack's project did not used open source network appliance
(like Pfsense or Monowall) who already propose a lot of features.


-----Message d'origine-----
De : Erdősi Péter [] 
Envoyé : vendredi 20 décembre 2013 16:12
À :
Objet : Re: routing and firewalling without NAT...


Actually, I use a shared guest network for that.
The subnet is routed by a simple debian, and the CS IPAM stuff gives single public ip's for
Of course, You don't have firewall capabilities in the GUI, but with public IP, the firewalling
should be done by the user inside the VM.

This kind of network require 1 vrouter, which will do dhcp (plus the machine, which actually
do routing, but it's independent from CS and you can also use branded router), so no sys-vm
started for every subnet.
If I know well, you can limit the number of allocatable IP-s /user / domain etc.


2013.12.20. 15:58 keltezéssel, COCHE Sébastien írta:
> Hi all,
> I would like to deploy Cloudstack  instances behind a vrouter configured with routing
and firewalling services. I don't want NAT feature on vRouter. Some application do not support
NAT and management is less simple. It seems that, actually, this configuration is not possible.
Am I right ? If yes is, this feature, present in the cloudstack's roadmap ?
> Thank
> Best regards
> Sébastien Coché

View raw message