From: Xerex Bueno
To: "users@cloudstack.apache.org"
Subject: Re: Public IP Addressing in a Advanced Zone behind a Firewall
Date: Thu, 3 Apr 2014 21:09:04 +0000

So you will not be able to NAT the public IPs to the vRouter. If you do NAT them, it will become a mess for management, not to mention you reduce the effectiveness of Cloudstack as a cloud management tool. You need to expose that block to your WAN switch, to which the public interface will need to connect. If you really wanted to put a firewall in front, you would need to place it in transparent mode, which would allow you to create policies to control traffic.

On 4/3/14, 1:59 PM, "Fred Newtz" wrote:

>Public IP addresses confuse me the most in a Cloudstack install. I have a
>Firewall that is hosting all of my public IP addresses now. The management
>server is supposed to sit behind a NAT device to protect it from attack.
>How am I supposed to assign public IP addresses to virtual machines
>(virtual routers) inside of the NAT device? I have not seen any clear
>documentation on how this is supposed to be configured to make everything
>work correctly. Where do I assign my IP addresses and how do I get them
>through the firewall correctly?
>
>I just purchased a Juniper SRX100 device (will be a small deployment).
>Will installing this help manage the Public IP situation easier (and even
>automatic)? If anyone has any suggestions on what I should search for to
>solve this issue that would be great. Explaining would be even better.
>
>Thanks,
>
>Fred