[Openstack] NAT ports from external networks to internal networks

Sg Kylin kylin7.sg at gmail.com
Mon Aug 5 03:29:05 UTC 2013


Hi, Ben,

I has implemented this feature based on neutron, it's now supported two
backends: iptables and LVS.
You may want to take a look at the code:
https://github.com/liyingjun/neutron/tree/port-nat-support

Any feedback is welcome.

Yingjun


2013/8/5 Salvatore Orlando <sorlando at nicira.com>

> Hi Ben,
>
> The closest the thing to what you want to achieve is the Floating IP, but,
> as you say, this will not allow for fine-grained control over ports; so you
> won't be able, for instance, to expose only port 443 of an internal IP.
>
> However, this is not in the Havana roadmap at the moment - but this surely
> is something that can be discussed for the Icehouse release.
> This could be implemented as an independent API extension, but could
> actually be implemented by both the FWaaS agent and the L3 agent. This
> decision will depend on the route we choose for service agents, which is
> being discussed at the moment.
>
> For the time being you might try and use the LBaaS extension with pools
> consistuted by a single service.
>
> Salvatore
>
>
>
>
> On 4 August 2013 20:40, Ben Firshman <ben at firshman.co.uk> wrote:
>
>> Hi all,
>>
>> I have a large number of small VMs on Quantum internal networks. I'm
>> trying to find a way to expose services externally without having to attach
>> a whole IPv4 address to each machine.
>>
>> I'm basically looking for a way to NAT external addresses and ports to
>> internal addresses and ports. (TCP/UDP ports that is.) The upcoming FWaaS
>> seems to give more fine-grained control over iptables rules, but not NAT it
>> seems.
>>
>> Perhaps this could be part of FWaaS? Perhaps some kind of separate NATing
>> service?
>>
>> Thanks,
>>
>> Ben
>>
>>
>>
>> _______________________________________________
>> Mailing list:
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>> Post to     : openstack at lists.openstack.org
>> Unsubscribe :
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>>
>
>
> _______________________________________________
> Mailing list:
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to     : openstack at lists.openstack.org
> Unsubscribe :
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20130805/6a6564e9/attachment.html>


More information about the Openstack mailing list