Thanks Sanjeev. I was able to get it to work today. The 172.16.10.1 is my firewall gateway and the ingress rules seem to be allow all.

I recreated a vpc and a network offering using ovs and the 'Virtual Networking' and 'Connectivity' provider. Not really sure what these mean. I also deleted and recreated my bridges. I wanted to create a network offering for vpcs with OVS as the static NAT provider but that gets greyed out as soon as I check the VPC.

Yes, I noticed that about the Virtual Router. It seems to respond to ARPING with the secondary IP of its public NIC eth2 as 172.16.10.103 and I assume that's how the routing takes place from my 172.16.10.1 gateway.
Anyhow, it seems to work now, will need to do some more tests.

---
Thanks.
Venkat

On Wed, Sep 24, 2014 at 9:14 PM, Sanjeev Neelarapu <sanjeev.neelar...@citrix.com> wrote:

> Hi Venkat,
>
> Couple of questions:
> 1. Are you able to reach the gateway 172.16.10.1 from your desktop?
> 2. Did you create firewall rules on acquired ip 172.16.10.103 to allow the ingress traffic?
>
> You would not need to set up the virtual router as the default gateway. All the guest vms inside the isolated network you created would have the virtual router as the default gateway by default.
>
> Thanks,
> Sanjeev
>
> -----Original Message-----
> From: Venkat Srinivasan [mailto:ven...@cliqr.com]
> Sent: Wednesday, September 24, 2014 4:56 AM
> To: users@cloudstack.apache.org
> Subject: Static NAT routing
>
> Hello All,
>
> I have a cloudstack environment with an advanced zone setup. I have two bridge networks cloudbr0 and cloudbr1. cloudbr0 is configured on a Public network interface using VLAN and cloudbr1 uses GRE on a second interface.
>
> I am using Openvswitch on KVM.
>
> I also created a networking offering with static nat, port forwarding etc. using 'ovs' as the provider.
>
> After my zone was created successfully, I created an isolated network using the above network offering with a cidr of 10.0.0.0/24.
>
> All this works just fine. I launched a VM inside this network and it comes up fine and my 'ovs-vsctl show' shows the appropriate tunnels and bridges created. The VM gets an IP 10.0.0.31.
>
> Now I want to access this from public network so I acquired a public IP - 172.16.10.103 and created a static nat rule with my VM. The logs also show everything went through fine. My Virtual router IP is 172.16.10.102 and if I do 'ip addr' I can see that the acquired public ip is added as a secondary ip to eth2 interface.
>
> My issue is that I can't seem to route to this public IP from say my desktop. I checked my cisco firewall/dhcp server and it has not received any ARP requests for new IP/Interface for 172.16.10.103 either. But the Systemvms and the Virtual Routers have registered themselves on my firewall/dhcp server.
>
> I am curious how this works. Do I need to set up some routing in my hardware firewall to use the virtual router as the default gateway?
>
> Currently my default gateway is 172.16.10.1
>
> Sorry if I am missing something basic but any suggestions and ideas will help.
>
> --
> Thanks