Yup - mine's behind NAT too.

Just install squid proxy and port forward the 3128 port through your firewall you should be all good. I believe with 3.4 you can now set the spiceproxy in the UI at cluster level.

Here's a quick snippet from my notes:

yum install squid

nano /etc/squid/squid.conf

# http_access deny CONNECT !SSL_ports

http_access deny CONNECT !Safe_ports

acl spice_servers dst 172.16.0.0/24

http_access allow spice_servers

service squid restart

chkconfig squid on

iptables -A INPUT -p tcp --dport 3128 -j ACCEPT

engine-config -s SpiceProxyDefault=http://public_ip_address:3128/

service ovirt-engine restart

On Fri, Feb 7, 2014 at 3:37 PM, Alan Murrell <lists@murrell.ca> wrote:

I have setup a test All-In-One install but it is behind a Linux NAT
firewall (IPTables). I have been reading about Spice-Proxy and know the
basics of setting it up (install squid, configure the ovirt engine
SpiceProxyDefault), however I just wanted to know how I would do this in
a NAT situation? Would I install Squid on the firewall? When I
configure SpiceProxyDefault on the ovirt-engine, I set it to use the
internal IP of the firewall/Squid? Anything else I would possibly need
to do?

-Alan
_______________________________________________
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users