Accessing Rackspace Services Via Isolated Networks through the Vyatta Network Appliance

Last updated on:  2014-03-06

Authored by:  Sameer Satyam


Introduction

To access Rackspace services from your cloud servers, the servers traditionally need to be connected to the ServiceNet and/or Public interfaces. If you want to restrict access to your servers, you can detach them from either of these networks and leave them connected only to isolated network interfaces. However, doing so causes you to lose access to some Rackspace services.

The following article describes what services are impacted by disconnecting Public and/or SNET interfaces from your cloud servers:

  • Removing networks from a Cloud Server

Vyatta Network Appliance

The Vyatta network appliance provides you with an easy-to-configure firewall, advanced networking and VPN capabilities in addition to increased security in the Cloud. Using this appliance, you can detach your servers from the Public and SNET interfaces and still retain access to Rackspace services. This article shows how this can be accomplished.

Accessing Rackspace services using NAT on the Vyatta appliance

In this setup, the cloud server is connected only to the isolated network (cloud network). The Vyatta appliance is on the same cloud network, and the server in question uses it as its default gateway. The Vyatta appliance is connected to all three networks (Public, SNET and Isolated).

The table below summarizes what services can be accessed if the Vyatta is configured as described in the next section:

Service                        Works?
-----------------------------  ------
Cloud Backup                   Yes
Cloud Databases                Yes
Cloud Files                    Yes
Cloud Monitoring               No
Managed Cloud Service Level    No *
Operating System Updates       Yes
RackConnect                    No *
Windows Activation             Yes

*Vyatta Network appliance is not available for this service.

Configuration

In order for the services listed in the table above to work as explained, the Vyatta appliance needs to be configured with Source NAT. For a more comprehensive explanation of Source NAT configuration, visit the following link:

  • Enable internet access on Cloud Servers using SNAT on a Vyatta Network appliance

Note: The cloud servers are on the isolated interface 192.168.1.0/24, and they use the Vyatta network appliance as their default gateway.

Log in to the Vyatta appliance and enter configuration mode:

$ ssh vyatta@x.x.x.x
Welcome to Vyatta
vyatta@x.x.x.x's password:
Welcome to Vyatta
Version:      VSE6.5R2
Description:  Vyatta Subscription Edition 6.5 R2
Copyright:    2006-2012 Vyatta, Inc.
Last login: Thu May  2 04:48:29 2013 from x.x.x.x
vyatta@vyatta-thefinal:~$
vyatta@vyatta-thefinal:~$ configure
[edit]
vyatta@vyatta-thefinal#

Configure Source NAT for ServiceNet traffic. eth1 is the SNET interface on the Vyatta. Any traffic going out via SNET will now use a source IP of the SNET interface on the Vyatta.

set nat source rule 10 outbound-interface 'eth1'
set nat source rule 10 protocol 'all'
set nat source rule 10 source address '192.168.1.0/24'
set nat source rule 10 translation address 'masquerade'

Configure Source NAT for PublicNet traffic. eth0 is the Public interface on the Vyatta. Any traffic going out via PublicNet will now use a source IP of the Public interface on the Vyatta.

set nat source rule 20 outbound-interface 'eth0'
set nat source rule 20 protocol 'all'
set nat source rule 20 source address '192.168.1.0/24'
set nat source rule 20 translation address 'masquerade'
commit
save

This simple configuration should allow you to access the services listed in the table. You may also want to configure firewall policies on the Vyatta appliance. For help configuring firewall policies on the Vyatta appliance, see the following article:

  • Configuring interface-based firewall on the Vyatta Network appliance
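The following audit script is an added example, not part of the original article or of Vyatta's tooling. It parses the `set nat source rule` lines of an exported configuration and reports rules that translate more than the isolated subnet, as well as interfaces that have no masquerade rule for it. The function names, the sample text and the assumption that source addresses are written as CIDR prefixes are illustrative.

```python
import ipaddress
import re

# Constructed sample: the two rules from this article in set-command form.
PAGE_CONFIG = """\
set nat source rule 10 outbound-interface 'eth1'
set nat source rule 10 protocol 'all'
set nat source rule 10 source address '192.168.1.0/24'
set nat source rule 10 translation address 'masquerade'
set nat source rule 20 outbound-interface 'eth0'
set nat source rule 20 protocol 'all'
set nat source rule 20 source address '192.168.1.0/24'
set nat source rule 20 translation address 'masquerade'
"""
LINE = re.compile(r"^set nat source rule (\d+) (.+?) '([^']*)'$")

def parse_rules(text):
    """Group 'set nat source rule N <key> <value>' lines by rule number."""
    rules = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            rules.setdefault(int(m.group(1)), {})[m.group(2)] = m.group(3)
    return rules

def audit(text, isolated="192.168.1.0/24", interfaces=("eth0", "eth1")):
    """Return findings; an empty list means the NAT rules match the article."""
    net = ipaddress.ip_network(isolated)
    findings, covered = [], set()
    for num, rule in sorted(parse_rules(text).items()):
        src = rule.get("source address")
        if src is None:
            findings.append(f"rule {num}: no source address, translates any source")
            continue
        try:
            src_net = ipaddress.ip_network(src, strict=False)
        except ValueError:  # ranges or negated matches are not handled here
            findings.append(f"rule {num}: source {src} needs manual review")
            continue
        if src_net != net and net.subnet_of(src_net):
            findings.append(f"rule {num}: source {src} is wider than {isolated}")
        if net.subnet_of(src_net) and rule.get("translation address") == "masquerade":
            covered.add(rule.get("outbound-interface"))
    for iface in interfaces:
        if iface not in covered:
            findings.append(f"{iface}: no masquerade rule covers {isolated}")
    return findings

if __name__ == "__main__":
    print(audit(PAGE_CONFIG) or "NAT rules match the isolated subnet")
```
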

©2020 Rackspace US, Inc.

Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License
