<p dir="ltr">You just need some proper DST and SRC Nat rules and you should be fine.</p>
<p dir="ltr">I use mikrotik so its slightly different but the same concept applies. For windows, I don't know, never really cared much as no one uses windows on our ovirt setup :) </p>
<p dir="ltr">But the client tools you linked are for the client accessing the spice session.</p>
<div class="gmail_quote">On Feb 14, 2014 3:20 AM, "Alan Murrell" <<a href="mailto:alan@murrell.ca">alan@murrell.ca</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Quoting "Andrew Lau" <<a href="mailto:andrew@andrewklau.com" target="_blank">andrew@andrewklau.com</a>>:<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Your value for SpiceDefaultProxy should be your external IP<br>
address/hostname otherwise external users will never know where to connect<br>
to.<br>
</blockquote>
<br>
So the spice proxy would be going out the firewall then looping back in (also known as "hairpinning"), which in my experience is usually a behaviour denied by many firewalls as standard, which is what I believe is happening here.<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
This then becomes more of a firewall issue as you're spice proxy is<br>
</blockquote>
<br>
I agree. Would you be willing to share the current IPTables rules on your external firewall so I can confirm this? (sanitised appropriately for actual IPs and/or hostnames, of course) You can contact me off-list if you prefer. This is more for curiousity/confirmation than anything else.<br>
<br>
I know that when I was on the same LAN as the oVirt box, I had to edit my local hosts file to point the proxy value to the oVirt box itself for the remote-viewer to connect to the Windows desktop.<br>
<br>
If that is indeed what is happening here, I think a better (and more universal) solution would be to have a VPN connection from the remote end user to the network where the oVirt/RHEV server is (site-to-site if the users are in an office and "road warrior" for remote individuals). Not sure how much of a performance hit that might make, though. Will need to do some testing.<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
working. But just to confirm, if you open up console through chrome it<br>
should download a console.vv file rather than opening up remote-viewer<br>
natively, before you run it; open it with a text editor you'll see the<br>
proxy settings there.<br>
</blockquote>
<br>
I took a look and the proxy settings are correct.<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
The windows issue is probably just related to non proper drives installed.<br>
</blockquote>
<br>
On the machine I am connecting from or the virtual machine I am connecting to? I downloaded the client from the link here:<br>
<br>
<a href="http://www.spice-space.org/download.html" target="_blank">http://www.spice-space.org/<u></u>download.html</a><br>
<br>
Is there a different SPICE client for Windows that is recommended?<br>
<br>
-Alan<br>
______________________________<u></u>_________________<br>
Users mailing list<br>
<a href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a><br>
<a href="http://lists.ovirt.org/mailman/listinfo/users" target="_blank">http://lists.ovirt.org/<u></u>mailman/listinfo/users</a><br>
</blockquote></div>