Neutron port forwarding (qrouter -> VMs)

asked 2015-07-09 03:24:27 -0500

imarino

updated 2015-07-09 03:38:07 -0500

Hi all, I actually have been able to enable some kind of NAT port forwarding inside the qrouter namespace:

% sudo ip netns exec qrouter-xxxxxxxx iptables -A PREROUTING -t nat -p tcp --dport 2222 -j DNAT --to 172.16.0.4:22

The qrouter-xxxxxxxx is directly connected to br-ex and this way has a public IP, so I can basically do things like:

% ssh qrouter-public-ip -p 2222

and land directly on internal VM 172.16.0.4 on port 22; this works fine. The idea is to forward port 22XY, where XY is reserved for each VM where I need ssh access:

% ssh qrouter-public-ip -p 2222 -> TENANT1 VM1

% ssh qrouter-public-ip -p 2223 -> TENANT1 VM2

% ssh qrouter-public-ip -p 2224 -> TENANT2 VM2

and so on. All this in order to avoid an extra jump station with another "wasted" public IP.

Now, question: How/where are iptables on qrouter-xxxxxxxx saved? Will they be lost when qrouter-xxxxxxxx restarts? And when/why should qrouter-xxxxxxxx restart?

Actually qrouter-xxxxxxxx "lives" in a namespace on one of my Neutron nodes, and of course in my setup this virtual router gets crucial for services.

Thanks for any info about this.

I.
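
An added example, not part of the original post: one way to keep the 22XY port-to-VM table in a single place and turn it into idempotent commands (`iptables -C` checks for a rule before `-A` appends it), so the table can be re-applied after the namespace is recreated without duplicating rules. `NETNS`, the `MAP` entries and all function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: NETNS and MAP are constructed placeholders, not real values.
NETNS="qrouter-xxxxxxxx"
MAP="2222 172.16.0.4
2223 172.16.0.5"

# Succeed only for a dotted quad whose four octets are each 0-255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
    return 0
}

# The post reserves ports 22XY, so accept 2200-2299 only.
valid_port() {
    case "$1" in
        22[0-9][0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

# Print one "check, then append if missing" command per "port ip" line.
# Returns 1 and prints nothing on malformed input or a reused public port.
build_rules() {
    seen=" "; out=""
    while read -r port ip extra; do
        [ -n "$port" ] || continue
        [ -z "$extra" ] && valid_port "$port" && valid_ipv4 "$ip" || return 1
        case "$seen" in *" $port "*) return 1 ;; esac
        seen="$seen$port "
        rule="PREROUTING -t nat -p tcp --dport $port -j DNAT --to $ip:22"
        run="ip netns exec $NETNS iptables"
        out="$out$run -C $rule 2>/dev/null || $run -A $rule
"
    done <<EOF
$1
EOF
    printf '%s' "$out"
}

# Dry run: print the commands for review instead of executing them.
build_rules "$MAP"
```

The script only prints the commands; after review they can be run as root, for example by piping the output to `sudo sh`.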


Comments

Hi all, do you have any plans to implement this?

Dariusz Tutaj (2016-08-25 02:31:03 -0500)