firewall floating IPs

asked 2015-04-25 07:56:57 -0500

Christians1 gravatar image

We have openstack is installed on a bladechassis controller is one blade, network is another blade and so on. But we want the floating IPs firewalled, can I put my firewall in the openstack instance?

edit retag flag offensive close merge delete


Is your question to use the firewall in the instance instead of the security group? If you are using neutron, your security groups are applied on the compute node directly before the Instance, this means that the security group is applied to both the floating IP traffic as well as the private netwo

jdexter gravatar imagejdexter ( 2015-04-26 06:13:30 -0500 )edit

Hi, thanks for the response.

We want to use private addressing for the floating IPs so they are reachable from our internal network.. but we want to set up a nat as well for when it goes out to the internet. So I was thinking of adding a vyatta firewall in the openstack instance for the nat.

Christians1 gravatar imageChristians1 ( 2015-04-26 10:58:06 -0500 )edit

Also you can run a firewall + router software in an instance. I have did in my case between two networks.

SGPJ gravatar imageSGPJ ( 2015-04-27 08:55:06 -0500 )edit