Re: domr iptables rules

2012-05-16 Thread David Nalley
On Wed, May 16, 2012 at 12:13 PM, Clayton Weise wrote: > Yeah, so that means it needs to be controlled by the VMs individually. I was > trying to do it where it's governed by another device in the middle with a > universal set of rules. I know it's orthogonal to your original question - but wi

RE: domr iptables rules

2012-05-16 Thread Clayton Weise
2012 10:14 PM To: cloudstack-dev@incubator.apache.org Subject: RE: domr iptables rules Separate account each will have a dedicated VR. If they are to be on the same guest VLAN then traffic to db VMs can be controlled by iptables on those VMs. >-Original Message- >From: Cl

RE: domr iptables rules

2012-05-15 Thread Abhinandan Prateek
'cloudstack-dev@incubator.apache.org' >Subject: RE: domr iptables rules > >But how would the app servers reach the db servers on a private network? In >your example, what is limiting the communication between app and db? Do >app and db share the same virtual router? Do they ha

RE: domr iptables rules

2012-05-15 Thread Clayton Weise
PM To: cloudstack-dev@incubator.apache.org Subject: RE: domr iptables rules One way to do it is to have iptables do filtering on db-servers, but the easiest is ... Have an advanced zone, create two accounts, put db VMs in one account (guest network) and webserver VM in another. Now in general you have se

RE: domr iptables rules

2012-05-14 Thread Abhinandan Prateek
: cloudstack-dev@incubator.apache.org >Subject: RE: domr iptables rules > >Thanks for the response. So then my next question is how would this be >achieved? I can see creating a network for the db servers and set all db >instances to use it as their default network, and attach t

RE: domr iptables rules

2012-05-14 Thread Clayton Weise
Subject: RE: domr iptables rules The app server VMs will reach the db VM via private address. If you want external access to db too but with restrictions to certain subnets/ips that too can be achieved using port-forwarding and source cidrs option. I believe that the advanced networking model is

Re: domr iptables rules

2012-05-10 Thread Murali Reddy
cient. [1] http://confluence.cloudstack.org/display/PM/Burbank > >-Original Message- >From: Murali Reddy [mailto:murali.re...@citrix.com] >Sent: Thursday, May 10, 2012 9:25 AM >To: cloudstack-dev@incubator.apache.org >Subject: Re: domr iptables rules > >On 10/05/12

RE: domr iptables rules

2012-05-10 Thread Abhinandan Prateek
variations of deployments. -Abhi >-Original Message- >From: Clayton Weise [mailto:cwe...@iswest.net] >Sent: Friday, May 11, 2012 3:58 AM >To: 'cloudstack-dev@incubator.apache.org' >Subject: RE: domr iptables rules > >So in this case are your app servers re

RE: domr iptables rules

2012-05-10 Thread Clayton Weise
Weise [mailto:cwe...@iswest.net] >Sent: Thursday, May 10, 2012 9:00 PM >To: 'cloudstack-dev@incubator.apache.org' >Subject: RE: domr iptables rules > >It's something I have been toying with. Basically it's a standard app/db setup >where the app servers would

RE: domr iptables rules

2012-05-10 Thread Clayton Weise
rali Reddy [mailto:murali.re...@citrix.com] Sent: Thursday, May 10, 2012 9:25 AM To: cloudstack-dev@incubator.apache.org Subject: Re: domr iptables rules On 10/05/12 9:00 PM, "Clayton Weise" wrote: >It's something I have been toying with. Basically it's a standard app/db >setu

Re: domr iptables rules

2012-05-10 Thread Chiradeep Vittal
Everything in those referenced slides should work. If it doesn't then please raise bugs. -- Chiradeep On May 10, 2012, at 12:24, "Ahmad Emneina" wrote: > On 5/10/12 9:24 AM, "Murali Reddy" wrote: > >> On 10/05/12 9:00 PM, "Clayton Weise" wrote: >> >>> It's something I have been toying wit

Re: domr iptables rules

2012-05-10 Thread Ahmad Emneina
On 5/10/12 9:24 AM, "Murali Reddy" wrote: >On 10/05/12 9:00 PM, "Clayton Weise" wrote: > >>It's something I have been toying with. Basically it's a standard app/db >>setup where the app servers would reside in a dmz and the db servers >>would sit in a trusted network. We need to limit the traf

Re: domr iptables rules

2012-05-10 Thread Murali Reddy
On 10/05/12 9:00 PM, "Clayton Weise" wrote: >It's something I have been toying with. Basically it's a standard app/db >setup where the app servers would reside in a dmz and the db servers >would sit in a trusted network. We need to limit the traffic going >between the app and the db servers in

RE: domr iptables rules

2012-05-10 Thread Abhinandan Prateek
to:cwe...@iswest.net] >Sent: Thursday, May 10, 2012 9:00 PM >To: 'cloudstack-dev@incubator.apache.org' >Subject: RE: domr iptables rules > >It's something I have been toying with. Basically it's a standard app/db setup >where the app servers would resid

RE: domr iptables rules

2012-05-10 Thread Alex Huang
ursday, May 10, 2012 8:32 AM > To: 'cloudstack-dev@incubator.apache.org' > Subject: RE: domr iptables rules > > Right, this would only be for a specific pair of domr's. > > -Original Message- > From: Alex Huang [mailto:alex.hu...@citrix.com] > Sent:

RE: domr iptables rules

2012-05-10 Thread Clayton Weise
Right, this would only be for a specific pair of domr's. -Original Message- From: Alex Huang [mailto:alex.hu...@citrix.com] Sent: Wednesday, May 09, 2012 8:14 PM To: cloudstack-dev@incubator.apache.org Subject: RE: domr iptables rules I believe it is possible. However, it would

RE: domr iptables rules

2012-05-10 Thread Clayton Weise
09, 2012 4:33 PM To: cloudstack-dev@incubator.apache.org Subject: RE: domr iptables rules It is better to do it through API. CloudStack already provides several APIs for customer to add ACL for customer network, what kind of rules do you want to add? Can you do it through current API? Or what ki

RE: domr iptables rules

2012-05-09 Thread Alex Huang
che.org' > Subject: RE: domr iptables rules > > As a dirty hack would it be possible to create an init script which added > these > custom rules when the domr boots? > > -Original Message- > From: Anthony Xu [mailto:xuefei...@citrix.com] > Sent:

RE: domr iptables rules

2012-05-09 Thread Anthony Xu
Weise [mailto:cwe...@iswest.net] > Sent: Wednesday, May 09, 2012 4:26 PM > To: 'cloudstack-dev@incubator.apache.org' > Subject: RE: domr iptables rules > > As a dirty hack would it be possible to create an init script which > added these custom rules when the domr

RE: domr iptables rules

2012-05-09 Thread Clayton Weise
. Anthony > -Original Message- > From: Clayton Weise [mailto:cwe...@iswest.net] > Sent: Wednesday, May 09, 2012 10:09 AM > To: 'cloudstack-dev@incubator.apache.org' > Subject: domr iptables rules > > Where are these kept? After rebooting a virtual router not a

RE: domr iptables rules

2012-05-09 Thread Anthony Xu
. Anthony > -Original Message- > From: Clayton Weise [mailto:cwe...@iswest.net] > Sent: Wednesday, May 09, 2012 10:09 AM > To: 'cloudstack-dev@incubator.apache.org' > Subject: domr iptables rules > > Where are these kept? After rebooting a virtual router not a

Re: domr iptables rules

2012-05-09 Thread Alex Huang
Today it is not possible to add custom rules. --Alex On May 9, 2012, at 10:11 AM, "Clayton Weise" wrote: > Where are these kept? After rebooting a virtual router not all of the > firewall rules came back. Also, I wanted to manually add a few things and I > was curious where I could do it an

domr iptables rules

2012-05-09 Thread Clayton Weise
Where are these kept? After rebooting a virtual router not all of the firewall rules came back. Also, I wanted to manually add a few things and I was curious where I could do it and have those rules retained when the domr reboots. Thanks