[Openstack] NAT ports from external networks to internal networks
kylin7.sg at gmail.com
Mon Aug 5 03:29:05 UTC 2013
I has implemented this feature based on neutron, it's now supported two
backends: iptables and LVS.
You may want to take a look at the code:
Any feedback is welcome.
2013/8/5 Salvatore Orlando <sorlando at nicira.com>
> Hi Ben,
> The closest the thing to what you want to achieve is the Floating IP, but,
> as you say, this will not allow for fine-grained control over ports; so you
> won't be able, for instance, to expose only port 443 of an internal IP.
> However, this is not in the Havana roadmap at the moment - but this surely
> is something that can be discussed for the Icehouse release.
> This could be implemented as an independent API extension, but could
> actually be implemented by both the FWaaS agent and the L3 agent. This
> decision will depend on the route we choose for service agents, which is
> being discussed at the moment.
> For the time being you might try and use the LBaaS extension with pools
> consistuted by a single service.
> On 4 August 2013 20:40, Ben Firshman <ben at firshman.co.uk> wrote:
>> Hi all,
>> I have a large number of small VMs on Quantum internal networks. I'm
>> trying to find a way to expose services externally without having to attach
>> a whole IPv4 address to each machine.
>> I'm basically looking for a way to NAT external addresses and ports to
>> internal addresses and ports. (TCP/UDP ports that is.) The upcoming FWaaS
>> seems to give more fine-grained control over iptables rules, but not NAT it
>> Perhaps this could be part of FWaaS? Perhaps some kind of separate NATing
>> Mailing list:
>> Post to : openstack at lists.openstack.org
>> Unsubscribe :
> Mailing list:
> Post to : openstack at lists.openstack.org
> Unsubscribe :
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Openstack