[Users] SPICE behind NAT

[Alan Murrell]

Quoting "Andrew Lau" <andrew at andrewklau.com>:

> Your value for SpiceDefaultProxy should be your external IP
> address/hostname otherwise external users will never know where to connect
> to.

So the spice proxy would be going out the firewall then looping back  
in (also known as "hairpinning"), which in my experience is usually a  
behaviour denied by many firewalls as standard, which is what I  
believe is happening here.

> This then becomes more of a firewall issue as you're spice proxy is

I agree.  Would you be willing to share the current IPTables rules on  
your external firewall so I can confirm this? (sanitised appropriately  
for actual IPs and/or hostnames, of course)  You can contact me  
off-list if you prefer.  This is more for curiousity/confirmation than  
anything else.

I know that when I was on the same LAN as the oVirt box, I had to edit  
my local hosts file to point the proxy value to the oVirt box itself  
for the remote-viewer to connect to the Windows desktop.

If that is indeed what is happening here, I think a better (and more  
universal) solution would be to have a VPN connection from the remote  
end user to the network where the oVirt/RHEV server is (site-to-site  
if the users are in an office and "road warrior" for remote  
individuals).  Not sure how much of a performance hit that might make,  
though.  Will need to do some testing.

> working. But just to confirm, if you open up console through chrome it
> should download a console.vv file rather than opening up remote-viewer
> natively, before you run it; open it with a text editor you'll see the
> proxy settings there.

I took a look and the proxy settings are correct.

> The windows issue is probably just related to non proper drives installed.

On the machine I am connecting from or the virtual machine I am  
connecting to?  I downloaded the client from the link here:

  http://www.spice-space.org/download.html

Is there a different SPICE client for Windows that is recommended?

-Alan