cloudstack-users mailing list archives

From Felipe Arturo Polanco <>
Subject Re: Static Nat how to
Date Sun, 08 Jan 2017 18:38:01 GMT
Hi Makrand,

Thanks for the information.

I have acquired and assigned the public IP to the VM and with tcpdump I can
see the packets coming into the public interface but they never get out via
the private interface in the Virtual Router.

When I do a whatsmyip query on the VM I see it still uses the VR Public IP
for getting Public access.

I double checked the iptables rules and I can see the Static NAT rules
being present in the chains for the acquired IP, so it is still a mystery why
the packets are not going out to the private NIC and the VM traffic still
uses the Source NAT instead of Static NAT for egress communication.

My egress rules for the network are allow ALL in

On Sun, Jan 8, 2017 at 12:44 PM, Makrand <> wrote:

> Hi Felipe,
> Have a look at the screenshot below, which will help you navigate to the firewall
> menu for static NAT:-
> 1) Once you acquire a new public IP (static NAT) you need to hook it to the VM
> behind that network.
> 2) If you think you've set everything right (as above) and if things
> still aren't working, then run tcpdump on the VR interface (eth2 mostly) where
> your public IP is hooked. See if you're getting any packets at all on that
> public IP from your source IP for the desired ports. If not, then you need to
> configure ports properly at the physical firewall for the public IP.
> --
> Makrand
> On Sat, Jan 7, 2017 at 6:55 AM, Felipe Arturo Polanco <> wrote:
> > Hi,
> >
> > Can anyone provide me a link to how to adjust the firewall with static Nat
> > of a virtual router?
> >
> > My VMs can get access to the Internet via the virtual router but when I
> > assign a public IP via static Nat nothing happens, looks like the firewall
> > is not allowing outside communication.
> >
> > I put some rules on the static IP like icmp 8,0 or tcp port 22 but no
> > response.
> >
> > I'm using the default isolated network offering with nat.
> >
> > Any guest?
> >
