Hi! Why not disable NAT at the L3 router? And then, just create a tenant's subnet with a public IPv4 addrs?
Or, just use IPv6... =P On 1 September 2014 14:41, Don Waterloo <[email protected]> wrote: > I've written and here contribute for your hacking pleasure a couple of > things I've found useful. > > The first is an ability to ssh to an arbitrary instance inside an > OpenStack cloud, without having any public IP. > https://github.com/donbowman/ssh-jump > > The second is an ability to vpn to an arbitrary instance instance inside > an OpenStack cloud, also without public IP. > https://github.com/donbowman/sstp-proxy > > These work properly with namespaces and with multiple compute/network > nodes. For the 'ssh jump', I created a 'jump' user (which doesn't allow > interactive login) on the l3 router node. This allows users to simply 'ssh > me@myhost+cloud', and the +cloud does all the magic. > > For the 'sstp proxy', I parse the SSTP url to extract the > tenant/user/host, and then proxy an SSTP session in to that host. I used > softether on the host. > > I find the former (ssh) very useful for e.g. scp, port-forward, generally > accessing my instances. The 2nd is nice because it allows an external host > to become 'inside' your Heat stack. > > Enjoy and fork @ will. > > --don > > _______________________________________________ > Mailing list: > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > Post to : [email protected] > Unsubscribe : > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > >
_______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : [email protected] Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
