[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: OpenShift deployment behind NAT firewall



It should be the case that OpenShift references DNS wherever possible. If you need to make this internal/external distinction (refer to nodes by internal IPs internally and external IPs externally) then you really need to do it at the DNS level, i.e. split DNS. Gear DNS names are just aliases to node DNS (CNAMEs), so you only need to implement the split DNS for the node IPs.

----- Original Message -----
From: "Alexander Grzesik" <alexander grzesik medisite de>
To: dev lists openshift redhat com
Sent: Friday, January 16, 2015 11:49:32 AM
Subject: OpenShift deployment behind NAT firewall





Hi, 



I have a problem installing OpenShift Origin Milestone 4 on a server behind a firewall that does some ip NATing. 

The scenario is this: 

I have a broker and a node inside a virtual network at a hosting provider, both have internal IP addresses and can reach each other. 

Both servers have a public IP provided by the hoster. 

The servers can reach each other via the public IP. 

What is prevented by the hosting provider firewall due to security reasons, is that a machine can reach itself via its public ip. 

I installed OpenShift and set PUBLIC_IP in node.conf to the real public IP of the node and this IP also matches to the DNS entry for the node, so the node can be reached from the outside. 

The problem is that the Gears cannot reach each other via the public ip configured. I have a scaled App with a webserver and a database gear both on the same node (I have only one node). The webserver gear tries to reach the db via it GEAR_DNS entry which points to the node dns entry and the public ip. Due to the mentioned firewall restriction, the webserver cannot reach its DB via this IP. I also have a second application gear that should send to REST Request to my webserver Gear, which does not work either. 

I already tried to change network settings, hosts file entries etc. to map internal requests to the internal IP of the node, but without success. 

My question is now, if anyone has experience in configuring OpenShift to use an internal IP address for internal node communication, but an external IP for accessing the apps from the outside? 

Any ideas are welcome. 

Thank You 

Alexander 
_______________________________________________
dev mailing list
dev lists openshift redhat com
http://lists.openshift.redhat.com/openshiftmm/listinfo/dev


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]