Static NAT
Yes, CloudPlatform uses IPTABLES.
Can you check the output of ip addr when run on the router?
Somesh Naidu
CITRIX EMPLOYEES
Actions pour les commentaires
Community
Other links
CloudPlatform 3.x
Static NAT
Static NAT
I have a number of isolated networks, in each isolated network there are a couple of VMs that require public access via static NAT, but at the moment the static NAT is not functioning.
I have done the following:
1. Created a network offering "Isolated-SNAT" with DHCP, SourceNat, Firewall, StaticNat, UserData and DNS
2. Created a network using this offering - CIDR = 10.101.0.0/16; Gateway = 10.101.0.1
The network has the following NICs: eth0 - 10.101.0.1 (private); eth1 - 169.254.1.6; eth2 - 10.103.10.72 (public)
3. Deployed a VM within this network that gets the IP address 10.101.43.47
4. Acquired an IP from the public range (10.103.8.0/22) - 10.103.11.125
5. Enable static NAT to the VMs private IP (10.103.11.125 <-> 10.101.43.47)
In the management log it appears to be successful:
2013-06-26 09:45:53,662 DEBUG [network.router.VirtualNetworkApplianceManagerImpl] (catalina-exec-19:null) Applying ip association in network Ntwk[224|Guest|21]
2013-06-26 09:45:53,688 DEBUG [agent.transport.Request] (catalina-exec-19:null) Seq 10-248782112: Sending { Cmd , MgmtId: 124711801383, via: 10, Ver: v1, Flags: 100001, [{"routing.IpAssocCommand":{"ipAddresses":[{"accountId":5,"publicIp":"10.103.10.72","sourceNat":true,"add":true,"oneToOneNat":false,"firstIP":true,"vlanId":"102","vlanGateway":"10.103.11.254","vlanNetmask":"255.255.252.0","vifMacAddress":"06:a0:68:00:02:7a","networkRate":200,"trafficType":"Public","networkName":"guest-public"},{"accountId":5,"publicIp":"10.103.11.125","sourceNat":false,"add":true,"oneToOneNat":true,"firstIP":false,"vlanId":"102","vlanGateway":"10.103.11.254","vlanNetmask":"255.255.252.0","vifMacAddress":"06:17:da:00:03:af","networkRate":200,"trafficType":"Public","networkName":"guest-public"},{"accountId":5,"publicIp":"10.103.10.12","sourceNat":false,"add":true,"oneToOneNat":true,"firstIP":false,"vlanId":"102","vlanGateway":"10.103.11.254","vlanNetmask":"255.255.252.0","vifMacAddress":"06:d2:a0:00:02:3e","networkRate":200,"trafficType":"Public","networkName":"guest-public"}],"accessDetails":{"zone.network.type":"Advanced","router.name":"r-183-VM","router.ip":"169.254.1.6","router.guest.ip":"10.101.0.1"},"wait":0}}] }
2013-06-26 09:45:53,688 DEBUG [agent.transport.Request] (catalina-exec-19:null) Seq 10-248782112: Executing: { Cmd , MgmtId: 124711801383, via: 10, Ver: v1, Flags: 100001, [{"routing.IpAssocCommand":{"ipAddresses":[{"accountId":5,"publicIp":"10.103.10.72","sourceNat":true,"add":true,"oneToOneNat":false,"firstIP":true,"vlanId":"102","vlanGateway":"10.103.11.254","vlanNetmask":"255.255.252.0","vifMacAddress":"06:a0:68:00:02:7a","networkRate":200,"trafficType":"Public","networkName":"guest-public"},{"accountId":5,"publicIp":"10.103.11.125","sourceNat":false,"add":true,"oneToOneNat":true,"firstIP":false,"vlanId":"102","vlanGateway":"10.103.11.254","vlanNetmask":"255.255.252.0","vifMacAddress":"06:17:da:00:03:af","networkRate":200,"trafficType":"Public","networkName":"guest-public"},{"accountId":5,"publicIp":"10.103.10.12","sourceNat":false,"add":true,"oneToOneNat":true,"firstIP":false,"vlanId":"102","vlanGateway":"10.103.11.254","vlanNetmask":"255.255.252.0","vifMacAddress":"06:d2:a0:00:02:3e","networkRate":200,"trafficType":"Public","networkName":"guest-public"}],"accessDetails":{"zone.network.type":"Advanced","router.name":"r-183-VM","router.ip":"169.254.1.6","router.guest.ip":"10.101.0.1"},"wait":0}}] }
2013-06-26 09:46:02,209 INFO [cloud.network.NetworkManagerImpl] (catalina-exec-19:null) Let VirtualRouter handle StaticNat in network 224
2013-06-26 09:46:02,215 DEBUG [network.router.VirtualNetworkApplianceManagerImpl] (catalina-exec-19:null) Applying static nat rules in network Ntwk[224|Guest|21]
2013-06-26 09:46:02,223 DEBUG [agent.transport.Request] (catalina-exec-19:null) Seq 10-248782113: Sending { Cmd , MgmtId: 124711801383, via: 10, Ver: v1, Flags: 100001, [{"routing.SetStaticNatRulesCommand":{"rules":[{"dstIp":"10.101.43.47","id":0,"srcIp":"10.103.11.125","revoked":false,"alreadyAdded":false,"purpose":"StaticNat","icmpType":0,"icmpCode":0}],"accessDetails":{"zone.network.type":"Advanced","router.name":"r-183-VM","router.ip":"169.254.1.6","router.guest.ip":"10.101.0.1"},"wait":0}}] }
2013-06-26 09:46:02,223 DEBUG [agent.transport.Request] (catalina-exec-19:null) Seq 10-248782113: Executing: { Cmd , MgmtId: 124711801383, via: 10, Ver: v1, Flags: 100001, [{"routing.SetStaticNatRulesCommand":{"rules":[{"dstIp":"10.101.43.47","id":0,"srcIp":"10.103.11.125","revoked":false,"alreadyAdded":false,"purpose":"StaticNat","icmpType":0,"icmpCode":0}],"accessDetails":{"zone.network.type":"Advanced","router.name":"r-183-VM","router.ip":"169.254.1.6","router.guest.ip":"10.101.0.1"},"wait":0}}] }
2013-06-26 09:46:03,224 DEBUG [agent.transport.Request] (DirectAgent-231:null) Seq 10-248782113: Processing: { Ans: , MgmtId: 124711801383, via: 10, Ver: v1, Flags: 0, [{"routing.SetStaticNatRulesAnswer":{"results":[null],"result":true,"wait":0}}] }
2013-06-26 09:46:03,224 DEBUG [agent.transport.Request] (catalina-exec-19:null) Seq 10-248782113: Received: { Ans: , MgmtId: 124711801383, via: 10, Ver: v1, Flags: 0, { SetStaticNatRulesAnswer } }
However the static NAT does not work... no traffic goes through the VR
I have logged onto the VR and looked in the IPTABLE... there is no POSTROUTING or NAT table.
Is there any additional configuration i need to perform? Does CloudPlatform use IPTABLES?
Any advice is gratefully received
Andy
Andy Frodsham
MEMBERS
Participate
Ask, Discuss, Answer