How can I make a VS as NAT gateway for other VSs
All versions of OnApp
For example, we have two VSs connected to internal network 10.10.10.0/24. The gateway VS also has secondary interface with Public IP address, so it should allow configuring NAT and providing internet connection for other VSs with only internal IPs.
To make VS as NAT gateway for other VSs:
Create iptables configuration file (/etc/sysconfig/iptables) on all hypervisors.
Apply appropriate rules after hypervisor reboots (For cloudboot hypervisor, skip to step 3):
>>># cat /etc/sysconfig/iptables
if1p8iij4l1xoe – virtual interface of gateway VS from internal network
10.10.10.0/24 - internal network or single IP of other internal VS.
Apply iptables rules manually for running hypervisors (if cloudboot, also add these to the custom config):
# iptables -I FORWARD 1 -s 10.10.10.0/24 -m physdev --physdev-out if1p8iij4l1xoe -j ACCEPT
# iptables -I FORWARD 1 -d 10.10.10.0/24 -m physdev --physdev-in if1p8iij4l1xoe -j ACCEPT
To make "VS as NAT gateway for other VSs" feature working, the "Enable KVM antispoofing" option should be disabled.