I have setup a test All-In-One install but it is behind a Linux NAT firewall (IPTables). I have been reading about Spice-Proxy and know the basics of setting it up (install squid, configure the ovirt engine SpiceProxyDefault), however I just wanted to know how I would do this in a NAT situation? Would I install Squid on the firewall? When I configure SpiceProxyDefault on the ovirt-engine, I set it to use the internal IP of the firewall/Squid? Anything else I would possibly need to do? -Alan
Yup - mine's behind NAT too. Just install squid proxy and port forward the 3128 port through your firewall you should be all good. I believe with 3.4 you can now set the spiceproxy in the UI at cluster level. Here's a quick snippet from my notes: yum install squid nano /etc/squid/squid.conf # http_access deny CONNECT !SSL_ports http_access deny CONNECT !Safe_ports acl spice_servers dst 172.16.0.0/24 http_access allow spice_servers service squid restart chkconfig squid on iptables -A INPUT -p tcp --dport 3128 -j ACCEPT engine-config -s SpiceProxyDefault=http://public_ip_address:3128/ service ovirt-engine restart On Fri, Feb 7, 2014 at 3:37 PM, Alan Murrell <lists@murrell.ca> wrote:
I have setup a test All-In-One install but it is behind a Linux NAT firewall (IPTables). I have been reading about Spice-Proxy and know the basics of setting it up (install squid, configure the ovirt engine SpiceProxyDefault), however I just wanted to know how I would do this in a NAT situation? Would I install Squid on the firewall? When I configure SpiceProxyDefault on the ovirt-engine, I set it to use the internal IP of the firewall/Squid? Anything else I would possibly need to do?
-Alan _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
participants (2)
-
Alan Murrell -
Andrew Lau