Yes, it is a shared network with external gateway. Indeed hosts are connected to a vRack on OVH network. Gateway address is externally addressed as last usable IP of the IP block. On CloudStack side, we have I have configured several IP address ranges on the same shared guest network in an advanced zone.
What I want to do is, to block some outgoing traffic from specific source IPs rto specific destination IP ranges. I want to know that I should place firewall rule on theVR or on the host itself. The cloud is currently running with one host but I should be able to generalize this rules for further scaling when more hosts are added in future. Thanks On Fri, Nov 1, 2019 at 10:30 PM Andrija Panic <[email protected]> wrote: > Can you explain your setup a bit more - I'm not clear with "gateway address > of my guest network is not inside the cloud and it is > not under my management" - is this a shared network, using some external > gateway (which is a normal setup for Shared network)? > > On Fri, 1 Nov 2019 at 16:21, Fariborz Navidan <[email protected]> > wrote: > > > Hello, > > > > The gateway address of my guest network is not inside the cloud and it is > > not under my management. My question is that does guest traffic still > touch > > the virtual router and can I place custom firewall rules between guests > and > > outside network on VR? > > > > > -- > > Andrija Panić >
