<div dir="ltr"><div class="gmail_default" style="font-family:tahoma,sans-serif">Yup - mine's behind NAT too.</div><div class="gmail_default" style="font-family:tahoma,sans-serif"><br></div><div class="gmail_default" style="font-family:tahoma,sans-serif">
Just install squid proxy and port forward the 3128 port through your firewall you should be all good. I believe with 3.4 you can now set the spiceproxy in the UI at cluster level.</div><div class="gmail_extra"><br></div>
<div class="gmail_extra">
<div class="gmail_default" style="font-family:tahoma,sans-serif">Here's a quick snippet from my notes:</div><div class="gmail_default"><font face="tahoma, sans-serif">yum install squid</font></div><div class="gmail_default">
<font face="tahoma, sans-serif">nano /etc/squid/squid.conf</font></div><div class="gmail_default"><font face="tahoma, sans-serif"><span class="" style="white-space:pre"> </span># http_access deny CONNECT !SSL_ports</font></div>
<div class="gmail_default"><font face="tahoma, sans-serif"><span class="" style="white-space:pre"> </span>http_access deny CONNECT !Safe_ports</font></div><div class="gmail_default"><span class="" style="white-space:pre"><font face="tahoma, sans-serif"> </font></span></div>
<div class="gmail_default"><font face="tahoma, sans-serif"><span class="" style="white-space:pre"> </span>acl spice_servers dst <a href="http://172.16.0.0/24">172.16.0.0/24</a></font></div><div class="gmail_default"><font face="tahoma, sans-serif"><span class="" style="white-space:pre"> </span>http_access allow spice_servers</font></div>
<div class="gmail_default"><font face="tahoma, sans-serif"><br></font></div><div class="gmail_default"><font face="tahoma, sans-serif">service squid restart</font></div><div class="gmail_default"><font face="tahoma, sans-serif">chkconfig squid on</font></div>
<div class="gmail_default"><font face="tahoma, sans-serif">iptables -A INPUT -p tcp --dport 3128 -j ACCEPT</font></div><div class="gmail_default"><font face="tahoma, sans-serif">engine-config -s SpiceProxyDefault=<a href="http://public_ip_address:3128/">http://public_ip_address:3128/</a></font></div>
<div class="gmail_default"><font face="tahoma, sans-serif"><br></font></div><div class="gmail_default"><font face="tahoma, sans-serif">service ovirt-engine restart</font><span style="font-family:tahoma,sans-serif"></span></div>
<div class="gmail_default"><span style="font-family:tahoma,sans-serif"><br></span></div><br><div class="gmail_quote">On Fri, Feb 7, 2014 at 3:37 PM, Alan Murrell <span dir="ltr"><<a href="mailto:lists@murrell.ca" target="_blank">lists@murrell.ca</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">I have setup a test All-In-One install but it is behind a Linux NAT<br>
firewall (IPTables). I have been reading about Spice-Proxy and know the<br>
basics of setting it up (install squid, configure the ovirt engine<br>
SpiceProxyDefault), however I just wanted to know how I would do this in<br>
a NAT situation? Would I install Squid on the firewall? When I<br>
configure SpiceProxyDefault on the ovirt-engine, I set it to use the<br>
internal IP of the firewall/Squid? Anything else I would possibly need<br>
to do?<br>
<br>
-Alan<br>
_______________________________________________<br>
Users mailing list<br>
<a href="mailto:Users@ovirt.org">Users@ovirt.org</a><br>
<a href="http://lists.ovirt.org/mailman/listinfo/users" target="_blank">http://lists.ovirt.org/mailman/listinfo/users</a><br>
</blockquote></div><br></div></div>