-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Luckmore,

(sending again to include the list)

I'm not 100% sure your setup will work out of the box. My only concern is that vcld will be looking for the public IP of your reverse proxy server when configuring NAT rules on the management node.

That said, have you configured your management node as a NAT host? You do this under Manage->"Management Nodes" and click Edit for your management node. Then, select the checkbox next to "Use as NAT Host". Enter the IP of your proxy server as "NAT Public IP Address".

Moving on to "NAT Internal IP Address", VCL expects you to have 2 networks, one that the management node uses to control things, and one over which user traffic flows. I generally refer to the second of those as the "NAT network" when in a NAT environment. Your management node will need an IP on this NAT network. That IP will need to be entered as "NAT Internal IP Address".

VCL has code to configure each NAT host to MASQUERADE in the nat tables, but since your case is a little different, you'll need to manually configure that in your POSTROUTING chain. As long as vcld sees a MASQUERADE rule in the POSTROUTING chain, it will skip the configuration part.

Finally, you'll need to configure each of your VMs to use your management node as their NAT host. You can select all of them and then click "Actions for selected computers"->"Change NAT" to change them all at once.

Let us know how that works out.

Josh

On Saturday, December 5, 2020 3:18:35 AM EST you wrote:
> Hi Josh,
>
> I'm requesting for advice on how I can have users accessing VCL from
> outside the campus.
>
> Below is what I have done so far:
>
> - My setup has one management node that is using a private 192.168.10.x IP
> for web access. This is working well from within campus.
>
> - For outside access, I have set up a reverse proxy and through this I am
> able to access the VCL web interface, log in, make a reservation, and
> download the RDP file.
>
> - For the RDP ports, I have set up NAT on the same firewall that is doing
> reverse proxy so that it forwards the RDP port ranges to the management node
>
> Issues I require advice on are:
>
> - The RDP file is having the management node private IP pre-entered. I
> would like to have this filled in by default to the firewall WAN IP
>
> - During testing, even after manually editing the pre-filled IP to the
> firewall WAN IP, RDP does not work. However, doing an RDP to a different
> standalone server through the same NAT works.
>
> Please advise on what I have missed.
>
> Thanks and regards,
> Luckmore Chirongo

- --
- -------------------------------
Josh Thompson
Systems Programmer
Virtual Computing Lab (VCL)
North Carolina State University

[email protected]
919-515-5323

my GPG/PGP key can be found on pool.sks-keyservers.net

All electronic mail messages in connection with State business which are sent to or received by this account are subject to the NC Public Records Law and may be disclosed to third parties.
-----BEGIN PGP SIGNATURE-----

iF0EARECAB0WIQRMIdRtWXideTZDK31X8tBw1209AwUCX8/lHgAKCRBX8tBw1209
A92nAJ4k4bItUrYw2tOUePbLSzWtbvmhbgCfTjOIyfrocdny8suUs7/qevsxW7U=
=57qQ
-----END PGP SIGNATURE-----
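
The manual MASQUERADE step described in the reply above, as an added example that is not part of the original message or of VCL: it checks the nat table's POSTROUTING chain for an existing MASQUERADE rule and appends an interface-scoped one only when none is found. The outbound interface name and the sample rule listings are assumptions constructed for illustration, and how vcld itself detects the rule is not shown in the thread.

```shell
#!/bin/sh
# Added example, not VCL code. The interface name passed to --apply is a
# site-specific assumption; vcld's own detection logic is not reproduced here.

# Constructed sample listings in the format of `iptables -t nat -S POSTROUTING`.
SAMPLE_WITHOUT='-P POSTROUTING ACCEPT
-A POSTROUTING -s 192.168.10.0/24 -o eth1 -j SNAT --to-source 203.0.113.10
-A POSTROUTING -m comment --comment "no MASQUERADE yet" -j ACCEPT'
SAMPLE_WITH='-P POSTROUTING ACCEPT
-A POSTROUTING -o eth1 -j MASQUERADE'

# Exit 0 if the listing on stdin has a POSTROUTING rule whose target is
# MASQUERADE. Matching on the -j target avoids false hits on comments.
has_masquerade() {
    awk '
        $1 == "-A" && $2 == "POSTROUTING" {
            for (i = 3; i < NF; i++)
                if (($i == "-j" || $i == "--jump") && $(i + 1) == "MASQUERADE")
                    found = 1
        }
        END { exit(found ? 0 : 1) }
    '
}

# Append an interface-scoped MASQUERADE rule only if none exists (needs root).
ensure_masquerade() {
    nat_if=$1
    if iptables -t nat -S POSTROUTING | has_masquerade; then
        echo "MASQUERADE rule already present in nat/POSTROUTING"
    else
        iptables -t nat -A POSTROUTING -o "$nat_if" -j MASQUERADE &&
            echo "added MASQUERADE for traffic leaving $nat_if"
    fi
}

# Usage: sh script.sh --apply <outbound-interface>
if [ "${1:-}" = "--apply" ]; then
    ensure_masquerade "${2:?outbound interface required}"
fi
```

Scoping the rule with -o keeps source rewriting limited to traffic leaving that one interface, and rules added this way do not survive a reboot unless saved with the distribution's usual persistence mechanism.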
