<div dir="ltr">Why not just assign the host a publicly accessible IP address and restrict SSH by firewall so only the engine (and possibly you) can access through SSH?<div><br></div><div>James</div></div><div class="gmail_extra"><br><div class="gmail_quote">2016-08-16 23:03 GMT+01:00 Hanson <span dir="ltr"><<a href="mailto:hanson@andrewswireless.net" target="_blank">hanson@andrewswireless.net</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi Guys,<br>
<br>
Quick question, I have my nodes on a bond-bridge-privateVlan setup, and my engine on a bond-bridge-publicVlan setup for remote monitoring.<br>
<br>
Understandably, the nodes are complaining that they are failing updates. (They're on a private vlan, and only configured with IP's in that vlan, the public vlan doesn't have IP's set on the hosts so they can pass it to VMs).<br>
<br>
Is there a way to have the engine do the updates on the node using its internet connection, like a proxy?<br>
<br>
For security reasons I like to have the nodes not publicly accessible, as we see hundreds if not thousands of ssh attempts, and root would probably be the most attacked account.<br>
<br>
Thanks,<br>
<br>
Hanson<br>
<br>
______________________________<wbr>_________________<br>
Users mailing list<br>
<a href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a><br>
<a href="http://lists.ovirt.org/mailman/listinfo/users" rel="noreferrer" target="_blank">http://lists.ovirt.org/mailman<wbr>/listinfo/users</a><br>
</blockquote></div><br></div>