cloudstack-users mailing list archives

From Francesco Maria Magnini <fmm1...@gmail.com>
Subject Re: [Advanced Zone] Isolated Source NAT issue (NAT not working)
Date Fri, 20 Dec 2013 20:33:02 GMT
Geoff,
since my VM has only one NIC in the 10.1.1.0/24 subnet, in order to try the
Static NAT feature do I need to acquire a new secondary IP for that NIC?


On Fri, Dec 20, 2013 at 10:54 AM, Geoff Higginbottom <
geoff.higginbottom@shapeblue.com> wrote:

> You could create a network offering with only DNS, DHCP & UserData
> services and also the Specify VLAN option enabled, then use this to create
> a guest network with public IPs.  You would need to ensure the chosen IP
> Range and VLAN maps through to a physical router.
>
> Alternatively you could try the Static NAT feature.  This maps a public IP
> to a single guest VM.  You just need to acquire an additional IP first.
>
> Regards
>
> Geoff Higginbottom
> CTO / Cloud Architect
>
> D: +44 20 3603 0542 | S: +44 20 3603 0540 | M: +447968161581
>
> geoff.higginbottom@shapeblue.com | www.shapeblue.com | Twitter: @shapeblue
>
> ShapeBlue Ltd, 53 Chandos Place, Covent Garden, London, WC2N 4HS
>
>
> On 20 Dec 2013, at 09:28, "Francesco Maria Magnini" <fmm1982@gmail.com> wrote:
>
> Thanks for the clarification, it makes sense.
> So far I have instances attached to the 10.1.1.0/24 guest network, and I
> have Internet connection through the Virtual Router source-NAT feature.
> But now, I would like to take one public IP and configure it directly on
> one instance.
> Do I need a different range from the one assigned right now to the SSVM? Or
> can I use for simplicity the same public network subnet declared during
> advanced zone creation?
>
>
> On Fri, Dec 20, 2013 at 10:16 AM, Geoff Higginbottom <
> geoff.higginbottom@shapeblue.com> wrote:
>
> The VR is configured to not respond to pings, probably an anti DDOS measure.
>
> If you restart the VR it will respond to pings whilst it is booting, but
> then the security policies kick in and the responses stop.
>
> Regards
>
> Geoff Higginbottom
> CTO / Cloud Architect
>
>
>
> On 20 Dec 2013, at 08:46, "Francesco Maria Magnini" <fmm1982@gmail.com> wrote:
>
> Where should I add a firewall rule, manually using iptables inside the
> Virtual Router?
> Consider that I have no firewall in my network layout preventing ICMP from
> reaching the Virtual Router.
>
>
> On Fri, Dec 20, 2013 at 1:57 AM, Andrei Mikhailovsky <andrei@arhont.com> wrote:
>
>
>
> Francesco,
>
> I believe you need to add a firewall rule to allow ingress ICMP traffic.
> Once allowed you should be able to ping it.
>
> Andrei
>
> ----- Original Message -----
>
> From: "Francesco Maria Magnini" <fmm1982@gmail.com>
> To: users@cloudstack.apache.org
> Sent: Thursday, 19 December, 2013 11:23:37 PM
> Subject: Re: [Advanced Zone] Isolated Source NAT issue (NAT not working)
>
> Hi Geoff,
>
> I've added a "permit all" egress rule (source 0.0.0.0/0 ALL) and now guest
> VMs can connect to Internet.
> Is it normal that the Virtual Router is still not reachable through the
> public network?
> I cannot ping its public IP address (the other 2 public SSVMs are pingable).
>
> Regards
>
>
> On Thu, Dec 19, 2013 at 7:12 PM, Geoff Higginbottom <
> geoff.higginbottom@shapeblue.com> wrote:
>
> Francesco,
>
> Have you enabled egress rules to allow outbound traffic for guest VMs?
>
> If you are trying to ping the public IP of the VR it will not respond due
> to security settings, however the SSVM and CPVM do respond.
>
> Regards
>
> Geoff Higginbottom
> CTO / Cloud Architect
>
>
> On 19 Dec 2013, at 18:04, "Francesco Maria Magnini" <fmm1982@gmail.com> wrote:
>
> Hi guys,
>
> I cannot ping internet from VMs.
> Pinging from Virtual Router is ok.
>
> In addition, SSVM are reachable from outside (storage/proxy ssvm) through
> addresses configured in public network range, Virtual router is not
> reachable (but can ping internet).
>
> Any idea?
>
>
> --
> "Video games don't influence children.
> I mean, if Pac-Man had influenced our generation,
> we would all be jumping around in dark rooms,
> chewing magic pills and listening to repetitive
> electronic music..."
>
> (Kristian Wilson, Nintendo Inc, 1989)
> This email and any attachments to it may be confidential and are intended
> solely for the use of the individual to whom it is addressed. Any views or
> opinions expressed are solely those of the author and do not necessarily
> represent those of Shape Blue Ltd or related companies. If you are not the
> intended recipient of this email, you must neither take any action based
> upon its contents, nor copy or show it to anyone. Please contact the sender
> if you believe you have received this email in error. Shape Blue Ltd is a
> company incorporated in England & Wales. ShapeBlue Services India LLP is a
> company incorporated in India and is operated under license from Shape Blue
> Ltd. Shape Blue Brasil Consultoria Ltda is a company incorporated in Brasil
> and is operated under license from Shape Blue Ltd. ShapeBlue is a
> registered trademark.



-- 
“Video games don't influence children.
I mean, if Pac-Man had influenced our generation,
we would all be jumping around in dark rooms,
chewing magic pills and listening to repetitive
electronic music...”

(Kristian Wilson, Nintendo Inc, 1989)
