Re: Private and public network access with secuity groups

2024-05-16 Thread Tomas Leypold
Hi,

It seems that currently there is no way to have both a public network with 
security groups on one interface (eth0) and an isolated network as a secondary 
interface (eth1) on one instance at the same time. Does anyone know if this is 
a planned feature? Thanks.

Best Regards,
Tomas Leypold

On Thursday, May 02, 2024 15:27 CEST, "Tomas Leypold"  wrote:

> Hi,
> In our current in-home libvirt-based solution, we can spin up instances that 
> have access to the public network (public IP addresses) and a private VLAN 
> network on a secondary interface. Am I correct in understanding that it 
> currently isn't possible to have an advanced private network (isolated 
> network with NAT) and at the same time have access to the public network 
> secured by security groups on the secondary interface, as you can with some 
> public cloud providers? Is the closest approach to achieve this through a 
> static NAT with firewall rules?
> Thanks.
> ---
> Best Regards,
> Tomas Leypold
> 
>



Private and public network access with secuity groups

2024-05-02 Thread Tomas Leypold
Hi,
In our current in-home libvirt-based solution, we can spin up instances that 
have access to the public network (public IP addresses) and a private VLAN 
network on a secondary interface. Am I correct in understanding that it 
currently isn't possible to have an advanced private network (isolated network 
with NAT) and at the same time have access to the public network secured by 
security groups on the secondary interface, as you can with some public cloud 
providers? Is the closest approach to achieve this through a static NAT with 
firewall rules?
Thanks.
---
Best Regards,
Tomas Leypold




Advice about advanced zone with security groups

2024-03-11 Thread Tomas Leypold
Hi,

I am new to CloudStack and am trying to create a POC. I am having a problem 
with Core/Advanced with security groups enabled. With security groups enabled, 
it seems that the system VM can't connect to the internet. I am getting a "No 
route to host (Host unreachable)" message in the default template, which I 
think is because there is no "Public traffic type" with security groups. So, 
does the advanced zone with security groups work differently than advanced 
without security groups? I couldn't find anything in the docs, and all the 
tutorials I found are using advanced without security groups which is working 
fine for me. Thanks!

Regards,
Tomas Leypold