cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Fariborz Navidan <mdvlinqu...@gmail.com>
Subject Re: Does traffic touches VR when gateway is is not on the cloud network?
Date Fri, 01 Nov 2019 20:01:59 GMT
Yes, it is a shared network with external gateway. Indeed hosts are
connected to a vRack on OVH network. Gateway address is externally
addressed as last usable IP of the IP block. On CloudStack side, we have I
have configured several IP address ranges on the same shared guest network
in an advanced zone.

What I want to do is, to block some outgoing traffic from specific source
IPs rto specific destination IP ranges. I want to know that I should place
firewall rule on theVR or on the host itself. The cloud is currently
running with one host but I should be able to generalize this rules for
further scaling when more hosts are added in future.

Thanks

On Fri, Nov 1, 2019 at 10:30 PM Andrija Panic <andrija.panic@gmail.com>
wrote:

> Can you explain your setup a bit more - I'm not clear with "gateway address
> of my guest network is not inside the cloud and it is
> not under my management" - is this a shared network, using some external
> gateway (which is a normal setup for Shared network)?
>
> On Fri, 1 Nov 2019 at 16:21, Fariborz Navidan <mdvlinquest@gmail.com>
> wrote:
>
> > Hello,
> >
> > The gateway address of my guest network is not inside the cloud and it is
> > not under my management. My question is that does guest traffic still
> touch
> > the virtual router and can I place custom firewall rules between guests
> and
> > outside network on VR?
> >
>
>
> --
>
> Andrija Panić
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message