Hi Ben, The closest the thing to what you want to achieve is the Floating IP, but, as you say, this will not allow for fine-grained control over ports; so you won't be able, for instance, to expose only port 443 of an internal IP.
However, this is not in the Havana roadmap at the moment - but this surely is something that can be discussed for the Icehouse release. This could be implemented as an independent API extension, but could actually be implemented by both the FWaaS agent and the L3 agent. This decision will depend on the route we choose for service agents, which is being discussed at the moment. For the time being you might try and use the LBaaS extension with pools consistuted by a single service. Salvatore On 4 August 2013 20:40, Ben Firshman <b...@firshman.co.uk> wrote: > Hi all, > > I have a large number of small VMs on Quantum internal networks. I'm > trying to find a way to expose services externally without having to attach > a whole IPv4 address to each machine. > > I'm basically looking for a way to NAT external addresses and ports to > internal addresses and ports. (TCP/UDP ports that is.) The upcoming FWaaS > seems to give more fine-grained control over iptables rules, but not NAT it > seems. > > Perhaps this could be part of FWaaS? Perhaps some kind of separate NATing > service? > > Thanks, > > Ben > > > > _______________________________________________ > Mailing list: > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > Post to : openstack@lists.openstack.org > Unsubscribe : > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack >
_______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
