Thanks' for your feedback. I already did this config (with an external firewall), but I would like to configure firewall through CS. Actually, only Juniper SRX firewall can be managed through CS. I think, it could be great to have this feature on CS vRouter. Also, I do not understand why CloudStack's project did not used open source network appliance (like Pfsense or Monowall) who already propose a lot of features.
Regards, Sebastien -----Message d'origine----- De : Erdősi Péter [mailto:f...@niif.hu] Envoyé : vendredi 20 décembre 2013 16:12 À : users@cloudstack.apache.org Objet : Re: routing and firewalling without NAT... Hi, Actually, I use a shared guest network for that. The subnet is routed by a simple debian, and the CS IPAM stuff gives single public ip's for VM-s. Of course, You don't have firewall capabilities in the GUI, but with public IP, the firewalling should be done by the user inside the VM. This kind of network require 1 vrouter, which will do dhcp (plus the machine, which actually do routing, but it's independent from CS and you can also use branded router), so no sys-vm started for every subnet. If I know well, you can limit the number of allocatable IP-s /user / domain etc. Regards, Peter 2013.12.20. 15:58 keltezéssel, COCHE Sébastien írta: > Hi all, > > > > I would like to deploy Cloudstack instances behind a vrouter configured with > routing and firewalling services. I don't want NAT feature on vRouter. Some > application do not support NAT and management is less simple. It seems that, > actually, this configuration is not possible. Am I right ? If yes is, this > feature, present in the cloudstack's roadmap ? > > > > Thank > > > > Best regards > > > > Sébastien Coché > > > >