Why not a set of VMs running the app server, load balanced using the VR? A VM running the db (or probably a set of VMs running the db in a master-slave conf) with no external access but only via the app server VMs. I guess this is what you want?
-Abhi

>-----Original Message-----
>From: Clayton Weise [mailto:cwe...@iswest.net]
>Sent: Thursday, May 10, 2012 9:00 PM
>To: 'cloudstack-dev@incubator.apache.org'
>Subject: RE: domr iptables rules
>
>It's something I have been toying with. Basically it's a standard app/db setup
>where the app servers would reside in a dmz and the db servers would sit in a
>trusted network. We need to limit the traffic going between the app and the
>db servers in advanced networking. So currently the db and app servers have
>their own separate networks (vlans) and their own virtual routers. I was
>thinking of different ways to limit the traffic from app to db to be permitted
>on specific ports.
>
>-----Original Message-----
>From: Anthony Xu [mailto:xuefei...@citrix.com]
>Sent: Wednesday, May 09, 2012 4:33 PM
>To: cloudstack-dev@incubator.apache.org
>Subject: RE: domr iptables rules
>
>It is better to do it through the API. CloudStack already provides several APIs for
>customers to add ACLs for the customer network. What kind of rules do you want to
>add? Can you do it through the current API? Or what kind of API would you like to
>add?
>
>Anthony
>
>> -----Original Message-----
>> From: Clayton Weise [mailto:cwe...@iswest.net]
>> Sent: Wednesday, May 09, 2012 4:26 PM
>> To: 'cloudstack-dev@incubator.apache.org'
>> Subject: RE: domr iptables rules
>>
>> As a dirty hack would it be possible to create an init script which
>> added these custom rules when the domr boots?
>>
>> -----Original Message-----
>> From: Anthony Xu [mailto:xuefei...@citrix.com]
>> Sent: Wednesday, May 09, 2012 12:21 PM
>> To: cloudstack-dev@incubator.apache.org
>> Subject: RE: domr iptables rules
>>
>> Iptables rules are not persistent inside domr; CloudStack sends commands
>> to domr to generate rules on demand.
>> So if you reboot domr, some rules may not come back. But if you reboot
>> domr through the CloudStack UI, all rules should come back; CloudStack
>> will send commands to program rules again.
>>
>>
>> Anthony
>>
>>
>> > -----Original Message-----
>> > From: Clayton Weise [mailto:cwe...@iswest.net]
>> > Sent: Wednesday, May 09, 2012 10:09 AM
>> > To: 'cloudstack-dev@incubator.apache.org'
>> > Subject: domr iptables rules
>> >
>> > Where are these kept? After rebooting a virtual router not all of the
>> > firewall rules came back. Also, I wanted to manually add a few things
>> > and I was curious where I could do it and have those rules retained
>> > when the domr reboots.
>> >
>> > Thanks