-
Notifications
You must be signed in to change notification settings - Fork 17
vr_nat4
Ruben S. Montero edited this page Feb 5, 2024
·
8 revisions
You can enable this feature to provide the VMs behind the Virtual Router with Internet access. This feature enables MASQUERADE in the POSTROUTING iptables chain.
Figure 1, depicts the typical LAN topology:
Public Network
┌───────────────────────
│
┌──┴─┐
┌──┤eth0├──┐
│ └────┘ │
│ Virtual │
│ │
│ Router │
│ ┌────┐ │
└──┤eth1├──┘
└─┬──┘
│ private network (e.g. 192.168.0.0/24)
└────┬───────────┬────────────┬──────────
│ │ │
┌──┴──┐ ┌──┴──┐ ┌──┴──┐
│ │ │ │ │ │
│ VM1 │ │ VM1 │ │ VM1 │
│ │ │ │ │ │
└─────┘ └─────┘ └─────┘
The following attributes control the basic configuration for NAT'ing:
-
ONEAPP_VNF_NAT4_ENABLEDto activate the module -
ONEAPP_VNF_NAT4_INTERFACES_OUTdefines the public interface
For example, for the example above simply add:
CONTEXT = [
...
ONEAPP_VNF_NAT4_ENABLED = "YES",
ONEAPP_VNF_NAT4_INTERFACES_OUT = "eth0",
...
]Gives:
$ iptables -t nat -vnL NAT4
Chain NAT4 (1 references)
pkts bytes target prot opt in out source destination
12345 6789K MASQUERADE 0 -- * eth0 0.0.0.0/0 0.0.0.0/0| Parameter | Default | Description |
|---|---|---|
ONEAPP_VNF_NAT4_ENABLED |
NO |
Enable/Disable NAT feature (YES/NO) |
ONEAPP_VNF_NAT4_INTERFACES_OUT |
no NICs |
Mandatory: Outgoing NICs for NAT (<[!]ethX> ...) |
- OpenNebula Apps Overview
- OS Appliances Update Policy
- OneApps Quick Intro
- Build Instructions
- Linux Contextualization Packages
- Windows Contextualization Packages
- OneKE (OpenNebula Kubernetes Edition)
- Virtual Router
- Overview & Release Notes
- Quick Start
- OpenRC Services
- Virtual Router Modules
- Glossary
- WordPress
- Harbor Container Registry
- MinIO
- Ray AI
- Development