apache / cloudstack

Apache CloudStack is an open source Infrastructure as a Service (IaaS) cloud computing platform
https://cloudstack.apache.org/
Apache License 2.0

Public - IP's cannot add firewall rules with static nat with guest VM #8816

Closed kedupuganti-kub closed 5 months ago

kedupuganti-kub commented 8 months ago
ISSUE TYPE
COMPONENT NAME
UI
CLOUDSTACK VERSION
4.19
CONFIGURATION
OS / ENVIRONMENT
SUMMARY

Successfully created the Zone with KVM environment along with Public IPs, which are able to get connectivity from the firewall. Created a VPC and attached the Public IP to guest instances. But here is the problem: I am unable to add firewall rules to the public IP which is static NAT to instances.

I am getting the error "There is no new provider for IP X.X.X.X of service Firewall!"

STEPS TO REPRODUCE

Please find the snap for your reference.

image

image

EXPECTED RESULTS
Need to add the firewall rules for the static IP assigned to the guest VM
ACTUAL RESULTS

Not able to add the firewall rules for the static IP assigned to the guest VM

Please help, urgent help needed. I need to submit to client.

weizhouapache commented 8 months ago

Unfortunately firewall is not supported for vpc. You can use isolated networks instead.

It has been added to backlog.

kedupuganti-kub commented 8 months ago

Where exactly can I add the firewall rules? Can you please guide me?

If you help me that will be great; I need to give this to my client.

kedupuganti-kub commented 8 months ago

Exactly need to add the firewall rules per VM rather than the whole VPC

kedupuganti-kub commented 8 months ago

When I add the firewall rules: "There is no new provider for IP 10.2.19.183 of service Firewall!" I am adding firewall rules for a Public IP which is static NAT to a guest VM.

Please go through the snap

image

kedupuganti-kub commented 8 months ago

Just trying to open the port

kedupuganti-kub commented 8 months ago

some firewall is not working

image

kedupuganti-kub commented 8 months ago

Please help on this

DaanHoogland commented 7 months ago

> Unfortunately firewall is not supported for vpc. You can use isolated networks instead.
>
> It has been added to backlog.

> Please help on this

@kedupuganti-kub it is not supported, as @weizhouapache suggests; you can use isolated networks instead.

rohityadavcloud commented 5 months ago

@kedupuganti-kub IP-based firewalls aren't supported in VPCs; instead, VPCs have ACLs. Each VPC tier has a network ACL, which is basically a set of ingress/egress firewall rules. You can accomplish firewall rules via ACLs, please refer to https://docs.cloudstack.apache.org/en/4.19.0.0/adminguide/networking/virtual_private_cloud_config.html#configuring-network-access-control-list

Adding support for IP-based firewalls in VPC will be a larger feature, cannot be done under the remit of bug fixing.

If you're unsatisfied with my response, please feel free to re-open the issue and advise further.

weizhouapache commented 5 months ago

There is a new feature request: #8863. If you are interested, please keep an eye on it.