[Users] SPICE behind NAT

Andrew Lau andrew at andrewklau.com
Fri Feb 14 00:38:53 UTC 2014 

You just need some proper DST and SRC Nat rules and you should be fine.

I use mikrotik so its slightly different but the same concept applies. For
windows, I don't know, never really cared much as no one uses windows on
our ovirt setup :)

But the client tools you linked are for the client accessing the spice
session.
On Feb 14, 2014 3:20 AM, "Alan Murrell" <alan at murrell.ca> wrote:

> Quoting "Andrew Lau" <andrew at andrewklau.com>:
>
>  Your value for SpiceDefaultProxy should be your external IP
>> address/hostname otherwise external users will never know where to connect
>> to.
>>
>
> So the spice proxy would be going out the firewall then looping back in
> (also known as "hairpinning"), which in my experience is usually a
> behaviour denied by many firewalls as standard, which is what I believe is
> happening here.
>
>  This then becomes more of a firewall issue as you're spice proxy is
>>
>
> I agree.  Would you be willing to share the current IPTables rules on your
> external firewall so I can confirm this? (sanitised appropriately for
> actual IPs and/or hostnames, of course)  You can contact me off-list if you
> prefer.  This is more for curiousity/confirmation than anything else.
>
> I know that when I was on the same LAN as the oVirt box, I had to edit my
> local hosts file to point the proxy value to the oVirt box itself for the
> remote-viewer to connect to the Windows desktop.
>
> If that is indeed what is happening here, I think a better (and more
> universal) solution would be to have a VPN connection from the remote end
> user to the network where the oVirt/RHEV server is (site-to-site if the
> users are in an office and "road warrior" for remote individuals).  Not
> sure how much of a performance hit that might make, though.  Will need to
> do some testing.
>
>  working. But just to confirm, if you open up console through chrome it
>> should download a console.vv file rather than opening up remote-viewer
>> natively, before you run it; open it with a text editor you'll see the
>> proxy settings there.
>>
>
> I took a look and the proxy settings are correct.
>
>  The windows issue is probably just related to non proper drives installed.
>>
>
> On the machine I am connecting from or the virtual machine I am connecting
> to?  I downloaded the client from the link here:
>
>  http://www.spice-space.org/download.html
>
> Is there a different SPICE client for Windows that is recommended?
>
> -Alan
> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20140214/7c0e5c7e/attachment-0001.html>

More information about the Users mailing list