Re: Isolated network and ingress rules
Hi Dag Many thanks Jon From: Dag Sonstebo Sent: 06 July 2018 13:01 To: users@cloudstack.apache.org Subject: Re: Isolated network and ingress rules Hi Jon, For normal isolated networks the ingress rules are on the firewall configuration option under each individual public IP address – as oppose to egress rules which apply to the whole network. Regards, Dag Sonstebo Cloud Architect ShapeBlue On 06/07/2018, 12:17, "Jon Marshall" wrote: Quick update re question 2) - where I created a VPC and added a static NAT and it worked as expected. I think this may well be because with VPCs you can configure both ingress and egress rules whereas with a guest isolated network I don't seem to have the ingress option. From: Jon Marshall Sent: 06 July 2018 09:26 To: users@cloudstack.apache.org Subject: Isolated network and ingress rules Have setup advanced network 4.11 KVM and it seems to be a lot more intuitive than basic networking (at least to me 😊) Just a couple of quick questions - 1) when I add a new isolated network with source NAT through the UI no matter what I enter in the Guest gateway and Guest netmask boxes it just uses the initial CIDR block I specified when building the zone. And it reuses this for every new isolated network. Is this normal behaviour ? 2) I tried to add a static NAT for one of the VMs in an isolated network. I know the mapping works because a "curl icanhazip.com" returns the static IP rather than the one used by all the other VMs but I cannot connect to the statically mapped VM from outside. When I go to the Network details in the UI I have egress rules I can edit but no ingress rules tab. Again is this to be expected and if it is any pointers on how to get it working. Thanks dag.sonst...@shapeblue.com www.shapeblue.com<http://www.shapeblue.com> Shapeblue - The CloudStack Company<http://www.shapeblue.com/> www.shapeblue.com ShapeBlue are the largest independent integrator of CloudStack technologies globally and are specialists in the design and implementation of IaaS cloud infrastructures for both private and public cloud implementations. 53 Chandos Place, Covent Garden, London WC2N 4HSUK @shapeblue
Re: Isolated network and ingress rules
Hi Jon, For normal isolated networks the ingress rules are on the firewall configuration option under each individual public IP address – as oppose to egress rules which apply to the whole network. Regards, Dag Sonstebo Cloud Architect ShapeBlue On 06/07/2018, 12:17, "Jon Marshall" wrote: Quick update re question 2) - where I created a VPC and added a static NAT and it worked as expected. I think this may well be because with VPCs you can configure both ingress and egress rules whereas with a guest isolated network I don't seem to have the ingress option. From: Jon Marshall Sent: 06 July 2018 09:26 To: users@cloudstack.apache.org Subject: Isolated network and ingress rules Have setup advanced network 4.11 KVM and it seems to be a lot more intuitive than basic networking (at least to me 😊) Just a couple of quick questions - 1) when I add a new isolated network with source NAT through the UI no matter what I enter in the Guest gateway and Guest netmask boxes it just uses the initial CIDR block I specified when building the zone. And it reuses this for every new isolated network. Is this normal behaviour ? 2) I tried to add a static NAT for one of the VMs in an isolated network. I know the mapping works because a "curl icanhazip.com" returns the static IP rather than the one used by all the other VMs but I cannot connect to the statically mapped VM from outside. When I go to the Network details in the UI I have egress rules I can edit but no ingress rules tab. Again is this to be expected and if it is any pointers on how to get it working. Thanks dag.sonst...@shapeblue.com www.shapeblue.com 53 Chandos Place, Covent Garden, London WC2N 4HSUK @shapeblue
Re: Isolated network and ingress rules
Quick update re question 2) - where I created a VPC and added a static NAT and it worked as expected. I think this may well be because with VPCs you can configure both ingress and egress rules whereas with a guest isolated network I don't seem to have the ingress option. From: Jon Marshall Sent: 06 July 2018 09:26 To: users@cloudstack.apache.org Subject: Isolated network and ingress rules Have setup advanced network 4.11 KVM and it seems to be a lot more intuitive than basic networking (at least to me 😊) Just a couple of quick questions - 1) when I add a new isolated network with source NAT through the UI no matter what I enter in the Guest gateway and Guest netmask boxes it just uses the initial CIDR block I specified when building the zone. And it reuses this for every new isolated network. Is this normal behaviour ? 2) I tried to add a static NAT for one of the VMs in an isolated network. I know the mapping works because a "curl icanhazip.com" returns the static IP rather than the one used by all the other VMs but I cannot connect to the statically mapped VM from outside. When I go to the Network details in the UI I have egress rules I can edit but no ingress rules tab. Again is this to be expected and if it is any pointers on how to get it working. Thanks
Isolated network and ingress rules
Have setup advanced network 4.11 KVM and it seems to be a lot more intuitive than basic networking (at least to me 😊) Just a couple of quick questions - 1) when I add a new isolated network with source NAT through the UI no matter what I enter in the Guest gateway and Guest netmask boxes it just uses the initial CIDR block I specified when building the zone. And it reuses this for every new isolated network. Is this normal behaviour ? 2) I tried to add a static NAT for one of the VMs in an isolated network. I know the mapping works because a "curl icanhazip.com" returns the static IP rather than the one used by all the other VMs but I cannot connect to the statically mapped VM from outside. When I go to the Network details in the UI I have egress rules I can edit but no ingress rules tab. Again is this to be expected and if it is any pointers on how to get it working. Thanks
