Question:
How can I set up a router inside my cloud?
Environment
OnApp 5.x
Solution
Starting from OnApp version 5.3, this functionality is included in the feature called Virtual Server as a Gateway.
For other versions, here is a workaround:
Add an iptables FORWARD rule on the HVs. The rule needs to be in place at least on the HV where the router will be hosted, but it is recommended that you have it on all HVs.
The rule should look like this:
iptables -A FORWARD -s <ip_vm> -j ACCEPT
where <ip_vm> is the IP address of the VM (or the VMs' network) that reaches the internet via the router in the cloud.
You should also be aware that the iptables service is turned off on the HVs. If you need these rules enabled after rebooting, you need to add them to the end of /etc/rc.local.
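The two steps above (add the rule, then persist it in /etc/rc.local) as an added example that is not OnApp's own code: it validates the source before it reaches iptables or a file that runs as root at boot, and it avoids appending the same line twice. The function names, the RC_LOCAL override and the /8 minimum prefix length are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not OnApp code); function names are hypothetical.

# Accept only a dotted-quad IPv4 address or CIDR with prefix /8../32, so that
# nothing else (0.0.0.0/0, shell metacharacters) reaches iptables or rc.local.
valid_source() {
    addr=${1%%/*}
    case $1 in */*) len=${1#*/} ;; *) len=32 ;; esac
    case $len in ''|*[!0-9]*|0?*|???*) return 1 ;; esac
    [ "$len" -ge 8 ] && [ "$len" -le 32 ] || return 1   # /8 floor: assumption
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in 0?*|????*) return 1 ;; esac           # no octal-looking octets
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

# Print the article's rule for a validated source.
forward_rule() {
    valid_source "$1" || { echo "refusing source: $1" >&2; return 1; }
    printf 'iptables -A FORWARD -s %s -j ACCEPT\n' "$1"
}

# Append the rule to an rc.local-style file ($1) unless that exact line exists.
persist_rule() {
    rule=$(forward_rule "$2") || return 1
    grep -qxF -- "$rule" "$1" 2>/dev/null || printf '%s\n' "$rule" >> "$1"
}

# Add the rule to the live FORWARD chain (root, on the HV). If this iptables
# build lacks -C, the check fails and the rule is appended anyway.
apply_rule() {
    valid_source "$1" || return 1
    iptables -C FORWARD -s "$1" -j ACCEPT 2>/dev/null ||
        iptables -A FORWARD -s "$1" -j ACCEPT
}

# Usage on an HV:  sh add_forward.sh apply 10.0.0.5   (constructed address)
if [ "${1:-}" = "apply" ]; then
    apply_rule "$2" && persist_rule "${RC_LOCAL:-/etc/rc.local}" "$2"
fi
```

Because the rule accepts every forwarded packet with a matching source, pass the narrowest address or network that covers the VMs behind the router.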
Additional Information
A rule like this is necessary because of how IP routing works in the OnApp environment.
Each VM's network interface is its own chain in the firewall. In this chain you can add rules using the CP from the GUI. However, only IP packets with the destination address of the VM can be put into the VM's chain. The default policy of FORWARD is DROP. So if the IP packet isn't put into a VM's chain, it is automatically dropped. Traffic that the router VM forwards on behalf of other VMs is addressed to hosts on the internet rather than to a VM, so it matches no VM's chain and is dropped unless a rule like the one above accepts it.