We are receiving lots of requests from customers that need to use one virtual machine as a router / NAT / VPN server for other virtual machines on the cloud that have only private IPs. Currently, if we want to provide such an option, we have to create custom iptables rules on the hypervisor where the router VM is running. However, this is not a stable solution, because we cannot create the same rules on all hypervisors - the rule refers to the interface name, which is present only on the HV where the VM is running. So such a machine can't make use of failover, hot migration, etc. I mean that this workaround is not applicable to a production cloud.
Considering how many requests for this configuration we are receiving, it would be great if you enabled such functionality. Then there are distributions that could be brought to the cloud - pfSense (currently there is only a beta for Xen), Untangle and others.
Best regards!