On 24-Oct-2013, at 10:10 pm, Murugappan, Vairavan <[email protected]> 
wrote:

> Hi Shankar,

> Yes, all my VMs have a private IP (10.10.*.*) assigned to them and these are
> accessible within my cloud, that is, only if I am inside my cloud's network.

If you need one-to-many NAT, you have to use advanced networking. In an
advanced network, a virtual router is used to provide port forwarding and NAT
services.

If you want to continue to use a basic network, then an external firewall can
be used to do the NAT services between your limited public IPs and the VMs.


> I can ssh into the vm's from host or management server but not from
> outside this network.

Unless you have special routes in place, firewalls and routers won’t
route RFC 1918 private subnets.

It's a feature. :)


>
> I don't have a lot of public IPs available, so I don't have the option to
> provide public IPs to every VM. But I still somehow want to provide ssh
> access to the VMs.

Either use an advanced network or use an external firewall's NAT services.

>
> Say I have only 1 public ip and I am using it for management node. So from
> the internet (outside world) only this ip is visible.
> Therefore I need to somehow make use of this to provide ssh access to my
> other VMs.
> So I would do something like the following on management server,
>
> On management server,
>
> * set a forwarding rule in my iptables to forward all incoming traffic to
> the port 50001 to vm1-internal-ip:22, 50002 to vm2-internal-ip:22 and so
> on.
> * So I need an event hook to create this port forwarding when a VM is started
> and assign a unique port, and remove it when it is stopped.
>

That does not sound very “cloudy” to me but you can certainly do these
kinds of things. Would be a big PITA to maintain the routing and mapping table
though.

My suggestion would be to redesign your cloud to use an advanced network and
sparingly allocate public IPs with a one to many NAT service.


Regards.
@shankerbalan



> Regards,
> Vairavan M.
>
> On 10/24/13 3:48 AM, "Shanker Balan" <[email protected]> wrote:
>
>> On 24-Oct-2013, at 7:04 am, Murugappan, Vairavan
>> <[email protected]> wrote:
>>
>>> Hi,
>>> Is there a way to provide ssh into the guest VM in basic networking
>>> mode, where there are no public IPs available on the guest OS? If so, how?
>>
>> In a basic network, each VM is assigned an IP directly from the network.
>> Make sure these IPs are from a routable subnet.
>>
>>>
>>> If not, is there a way to attach a script or a hook when a guest VM is
>>> started, stopped or destroyed?
>>
>> Create an OS template with the required hooks for start/stop action. The
>> VM however would not know that it's being destroyed. For destroy actions,
>> you would need to hook into the CloudStack event framework.
>>
>>
>>> So that I can setup some sort of port forwarding on the management
>>> server's public ip or any other separate server (login server) with
>>> public ip.
>>
>> I am not sure what exactly you are trying to do here. Can you explain
>> more?
>>
>>> Say for vm 1 i assign port 50001 and forward all traffic to mgmt
>>> server's port 50001 to internal private ip of guestvm's port 22.
>>
>> Why do you require a management server port in the first place?
>>
>>
>>> And remove the forwarding when the vm is stopped.
>>
>>
>> Maybe others can respond to your query better. :)
>>
>>
>> --
>> @shankerbalan
>>
>> M: +91 98860 60539 | O: +91 (80) 67935867
>> [email protected] | www.shapeblue.com | Twitter:@shapeblue
>> ShapeBlue Services India LLP, 22nd floor, Unit 2201A, World Trade Centre,
>> Bangalore - 560 055
>>
>> CloudStack Bootcamp Training on 27/28 November, Bangalore
>> http://www.shapeblue.com/cloudstack-training/
>>
>>
>>
>>
>> This email and any attachments to it may be confidential and are intended
>> solely for the use of the individual to whom it is addressed. Any views
>> or opinions expressed are solely those of the author and do not
>> necessarily represent those of Shape Blue Ltd or related companies. If
>> you are not the intended recipient of this email, you must neither take
>> any action based upon its contents, nor copy or show it to anyone. Please
>> contact the sender if you believe you have received this email in error.
>> Shape Blue Ltd is a company incorporated in England & Wales. ShapeBlue
>> Services India LLP is a company incorporated in India and is operated
>> under license from Shape Blue Ltd. Shape Blue Brasil Consultoria Ltda is
>> a company incorporated in Brasil and is operated under license from Shape
>> Blue Ltd. ShapeBlue is a registered trademark.
>

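The per-VM forwarding scheme discussed in the thread (port 50001 to vm1's port 22, 50002 to vm2, added on start and removed on stop), sketched as an added example that is not part of any message above and is not CloudStack code. The function names, the public address 203.0.113.10 and the guest addresses are constructed; the script only prints the iptables commands and refuses targets outside 10.10.*.*.

```shell
#!/bin/sh
# Added example: dry-run generator for the per-VM SSH port forwards.
# It prints iptables commands; it does not apply them.
PUBLIC_IP="203.0.113.10"   # constructed placeholder (documentation range)
BASE_PORT=50000            # vm1 -> 50001, vm2 -> 50002, as in the thread

# Accept only 10.10.x.y guest addresses, so a bad hook argument cannot
# point a forward at an arbitrary host.
valid_guest_ip() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                  # split the address into its four octets
    IFS=$old_ifs
    [ "$#" -eq 4 ] && [ "$1" = 10 ] && [ "$2" = 10 ] &&
        [ "$3" -le 255 ] && [ "$4" -le 255 ]
}

# Print the rules for one VM. $1 = start|stop, $2 = VM index, $3 = guest IP.
vm_hook() {
    case "$1" in
        start) op="-A" ;;      # add rules when the VM starts
        stop)  op="-D" ;;      # delete the same rules when it stops
        *) echo "unknown action: $1" >&2; return 2 ;;
    esac
    # Index must be a positive decimal number without leading zeros.
    case "$2" in
        ''|0*|*[!0-9]*) echo "bad VM index: $2" >&2; return 2 ;;
    esac
    if [ "$2" -gt 999 ]; then
        echo "VM index out of range: $2" >&2; return 2
    fi
    if ! valid_guest_ip "$3"; then
        echo "refusing non-guest address: $3" >&2; return 2
    fi
    port=$((BASE_PORT + $2))
    echo "iptables -t nat $op PREROUTING -d $PUBLIC_IP -p tcp --dport $port -j DNAT --to-destination $3:22"
    echo "iptables $op FORWARD -d $3 -p tcp --dport 22 -j ACCEPT"
}

# Constructed sample run: vm1 starts, then stops.
vm_hook start 1 10.10.1.5
vm_hook stop 1 10.10.1.5
```

Every forward created this way exposes a guest's sshd on the public address, so the mapping table is also the list of ports to audit; adding `-s` with an allowed source range to the PREROUTING rule narrows who can reach them.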