How can I set up a router internal to my cloud?
Starting from 5.3, there is a feature that allows this. It is called Virtual Server as a Gateway.
For other versions, here is a workaround:
If you are going to add these rules, they need to be in place at least on the HV where the router will be hosted, but it is recommended that you have them on all HVs.
The rule should look like this:
iptables -A FORWARD -s <ip_vm> -j ACCEPT
where <ip_vm> is the IP address of the VM (or the VMs' network) that reaches the internet via the router in the cloud.
You should also be aware that the iptables service is turned off on the HVs. If you need these rules to stay in place after a reboot, add them to the end of /etc/rc.local.
A rule like this is necessary because of how IP routing works in the OnApp environment.
Each VM's network interface is its own chain in the firewall. You can add rules to this chain from the CP GUI. However, only IP packets with the destination address of the VM can be put into the VM's chain. The default policy of FORWARD is DROP, so an IP packet that isn't put into a VM's chain is automatically dropped.
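The workaround above as a repeatable script, added here as an example and not OnApp's own code: it validates the source address, adds the rule to the running firewall only if it is absent, and writes it to /etc/rc.local once. The function names, the RC_LOCAL variable and the 192.0.2.0/24 placeholder network are assumptions, as is an iptables build that supports -C.

```shell
#!/bin/sh
# Added example (not from the original article): apply and persist the
# FORWARD rule described above without creating duplicates.
# RC_LOCAL is an assumed override hook; the default is the article's path.
RC_LOCAL="${RC_LOCAL:-/etc/rc.local}"

# Accept only an IPv4 address with an optional /0-32 prefix, so nothing
# else can end up in a boot script that runs as root.
valid_source() {
    case $1 in ''|*[!0-9./]*) return 1 ;; esac
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$' || return 1
    addr=${1%%/*}
    old_ifs=$IFS; IFS=.
    set -- $addr            # split the address into its four octets
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# Add the rule to the running firewall unless it is already there.
# Assumes an iptables build that supports -C (check).
apply_rule() {
    valid_source "$1" || { echo "invalid source: $1" >&2; return 1; }
    iptables -C FORWARD -s "$1" -j ACCEPT 2>/dev/null ||
        iptables -A FORWARD -s "$1" -j ACCEPT
}

# Append the rule to rc.local once, so it is restored after a reboot.
persist_rule() {
    valid_source "$1" || { echo "invalid source: $1" >&2; return 1; }
    line="iptables -A FORWARD -s $1 -j ACCEPT"
    grep -Fxq -- "$line" "$RC_LOCAL" 2>/dev/null ||
        printf '%s\n' "$line" >> "$RC_LOCAL"
}

# Usage on each HV, as root (192.0.2.0/24 is a placeholder network):
#   apply_rule 192.0.2.0/24 && persist_rule 192.0.2.0/24
```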