cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Fariborz Navidan <>
Subject Re: Does traffic touches VR when gateway is is not on the cloud network?
Date Fri, 01 Nov 2019 20:01:59 GMT
Yes, it is a shared network with external gateway. Indeed hosts are
connected to a vRack on OVH network. Gateway address is externally
addressed as last usable IP of the IP block. On CloudStack side, we have I
have configured several IP address ranges on the same shared guest network
in an advanced zone.

What I want to do is, to block some outgoing traffic from specific source
IPs rto specific destination IP ranges. I want to know that I should place
firewall rule on theVR or on the host itself. The cloud is currently
running with one host but I should be able to generalize this rules for
further scaling when more hosts are added in future.


On Fri, Nov 1, 2019 at 10:30 PM Andrija Panic <>

> Can you explain your setup a bit more - I'm not clear with "gateway address
> of my guest network is not inside the cloud and it is
> not under my management" - is this a shared network, using some external
> gateway (which is a normal setup for Shared network)?
> On Fri, 1 Nov 2019 at 16:21, Fariborz Navidan <>
> wrote:
> > Hello,
> >
> > The gateway address of my guest network is not inside the cloud and it is
> > not under my management. My question is that does guest traffic still
> touch
> > the virtual router and can I place custom firewall rules between guests
> and
> > outside network on VR?
> >
> --
> Andrija Panić

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message