Neutron port forwarding (qrouter -> VMs)

Hi all, I actually have been able to enable some kind of NAT port forwarding inside the qrouter namespace:

% sudo ip netns exec qrouter-xxxxxxxx-xxxxxxxx-xxxxxxxx iptables -A PREROUTING -t nat -p tcp --dport 2222 -j DNAT --to 172.16.0.4:22

The qrouter-xxxxxxxx is directly connected to br-ex and has this way a public IP so I can basically do things like:

% ssh qrouter-public-ip -p 2222

and land directly on internal VM 172.16.0.4 on port 22, this works fine. Idea is to forward port 22XY where XY are reserved for each VM where I need ssh access:

% ssh qrouter-public-ip -p 2222 -> TENANT1 VM1

% ssh qrouter-public-ip -p 2223 -> TENANT1 VM2

% ssh qrouter-public-ip -p 2224 -> TENANT2 VM2

and so on. All this in order to avoid an extra jump station with another "wasted" public IP.

Now, question: How/where are iptables on qrouter-xxxxxxxx saved? Will they be lost when qrouter-xxxxxxxx restarts? And when/why should qrouter-xxxxxxxx restart?

Actually qrouter-xxxxxxxx "lives" on a namespace on one of my Neutron nodes and of course in my setup this virtual router gets crucial for services.

Thanks for any info about this.

I.
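
Added example, not part of the original post: a check that compares an intended port-to-VM mapping against the nat rules actually present in the router namespace, so a lost, changed or unplanned forward is noticed. The mapping entries other than 172.16.0.4 and the sample `iptables-save` output are constructed for illustration.

```python
import shlex

# Intended forwards: public port -> internal "ip:port". Only the first entry
# is from the post; the other two addresses are constructed for illustration.
EXPECTED = {2222: "172.16.0.4:22", 2223: "172.16.0.5:22", 2224: "172.16.1.4:22"}

# Constructed sample of `iptables-save -t nat` output taken inside the namespace.
SAMPLE = """\
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 2222 -j DNAT --to-destination 172.16.0.4:22
-A PREROUTING -p tcp -m tcp --dport 2224 -j DNAT --to-destination 172.16.0.9:22
-A PREROUTING -p tcp -m tcp --dport 8080 -j DNAT --to-destination 172.16.0.4:80
COMMIT
"""

def _opt(tokens, name):
    """Value following option `name`, or None if absent."""
    if name in tokens:
        i = tokens.index(name) + 1
        if i < len(tokens):
            return tokens[i]
    return None

def parse_dnat(save_output):
    """Return {dport: destination} for single-port tcp DNAT rules in PREROUTING."""
    rules = {}
    for line in save_output.splitlines():
        tok = shlex.split(line)
        if tok[:2] != ["-A", "PREROUTING"] or _opt(tok, "-j") != "DNAT":
            continue
        dport, dest = _opt(tok, "--dport"), _opt(tok, "--to-destination")
        if _opt(tok, "-p") == "tcp" and dport and dport.isdigit() and dest:
            # First matching rule wins in iptables, so keep the earliest one.
            rules.setdefault(int(dport), dest)
    return rules

def audit(save_output, expected):
    """Compare live DNAT rules with the intended mapping."""
    actual = parse_dnat(save_output)
    return {
        "missing": sorted(p for p in expected if p not in actual),
        "wrong_target": sorted(p for p in expected if p in actual and actual[p] != expected[p]),
        "unexpected": sorted(p for p in actual if p not in expected),
    }

if __name__ == "__main__":
    print(audit(SAMPLE, EXPECTED))
```

To check a live router, pass `audit()` the output of `sudo ip netns exec qrouter-xxxxxxxx-xxxxxxxx-xxxxxxxx iptables-save -t nat` in place of `SAMPLE`.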
