cloudstack-users mailing list archives

Site index · List index

Message view	« Date » · « Thread »
Top	« Date » · « Thread »
From	"WXR" <474745...@qq.com>
Subject	Re: How to create a network offering without firewall?
Date	Thu, 27 Jun 2013 10:04:26 GMT
Sorry,the instance can access the vrouter gateway ip ,but can not access the Internet. ------------------ Original ------------------ From: "WXR"<474745079@qq.com>; Date: Thu, Jun 27, 2013 06:01 PM To: "users"<users@cloudstack.apache.org>; Subject: Re: How to create a network offering without firewall? I have added a egress rule like this: Source CIDR Protocol Start Port End Port 0.0.0.0/0 All All All The vrouter vm can also access the Internet. But the instance vm is still able to access the vrouter gateway ip and the Internet. ------------------ Original ------------------ From: "Murali Reddy"<Murali.Reddy@citrix.com>; Date: Thu, Jun 27, 2013 05:21 PM To: "users@cloudstack.apache.org"<users@cloudstack.apache.org>; Subject: Re: How to create a network offering without firewall? Yes, egress firewall default action is 'BLOCK'. Here is a nice blog from Radhika http://writersopendiary.wordpress.com/2013/05/27/egress-firewall-rules-in-a pache-cloudstack/ On 27/06/13 2:21 PM, "WXR" <474745079@qq.com> wrote: >By the way , when I select the default guestnetworkwithsourceNAT and >create an instance,the vm can not access to the Internet,is this a >default setting?how can I let the vm access the Internet? > > > > >------------------ Original ------------------ >From: "Murali Reddy"<Murali.Reddy@citrix.com>; >Date: Thu, Jun 27, 2013 04:46 PM >To: "users@cloudstack.apache.org"<users@cloudstack.apache.org>; > >Subject: Re: How to create a network offering without firewall? > > > > >Also, by default all the ports that will be used by edge services are >blocked by iptable config in the router VM templates. They needed to be >opened explicitly with firewall rules. > >On 27/06/13 2:08 PM, "Jayapal Reddy Uradi" <jayapalreddy.uradi@citrix.com> >wrote: > >>With out firewall provider you can't have sourceNAT and static NAT >>services because these services are provided by firewall provider only. >> >>Thanks, >>Jayapal >> >>On 27-Jun-2013, at 1:35 PM, WXR <474745079@qq.com> >> wrote: >> >>> If I create a new network offering and check >>>dns,dhcp,userdata,sourceNAT,staticNAT,not check the firewall service.But >>>the firewall will be added into it automatically. >>> I don't need the firewall service ,how can I create a network offering >>>without firewall? >> >> > > >. .
Mime	Unnamed multipart/alternative (inline, 8-Bit, 0 bytes) Unnamed text/plain (inline, Base64, 3315 bytes)
	View raw message