[Users] SPICE behind NAT
Andrew Lau
andrew at andrewklau.com
Fri Feb 7 07:15:17 UTC 2014
Yup - mine's behind NAT too.
Just install squid proxy and port forward the 3128 port through your
firewall you should be all good. I believe with 3.4 you can now set the
spiceproxy in the UI at cluster level.
Here's a quick snippet from my notes:
yum install squid
nano /etc/squid/squid.conf
# http_access deny CONNECT !SSL_ports
http_access deny CONNECT !Safe_ports
acl spice_servers dst 172.16.0.0/24
http_access allow spice_servers
service squid restart
chkconfig squid on
iptables -A INPUT -p tcp --dport 3128 -j ACCEPT
engine-config -s SpiceProxyDefault=http://public_ip_address:3128/
service ovirt-engine restart
On Fri, Feb 7, 2014 at 3:37 PM, Alan Murrell <lists at murrell.ca> wrote:
> I have setup a test All-In-One install but it is behind a Linux NAT
> firewall (IPTables). I have been reading about Spice-Proxy and know the
> basics of setting it up (install squid, configure the ovirt engine
> SpiceProxyDefault), however I just wanted to know how I would do this in
> a NAT situation? Would I install Squid on the firewall? When I
> configure SpiceProxyDefault on the ovirt-engine, I set it to use the
> internal IP of the firewall/Squid? Anything else I would possibly need
> to do?
>
> -Alan
> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20140207/d8289de4/attachment-0001.html>
More information about the Users
mailing list