@gilangvperdana
Last active October 13, 2024 14:48
VM Gateway on top of Openstack VM

General

You want to create an Ubuntu VM on top of OpenStack to serve as an instance gateway.

Goals

My instance in OpenStack must reach the internet (0.0.0.0/0) through the VM Gateway, because internet access is only allowed from this gateway. Apart from that, the instance must still be reachable by clients, i.e. SSH must keep working.

Topology

  • Segment 192.168.203.0/24
  • Gateway 192.168.203.1
  • VM Gateway 192.168.203.2
  • VM Instance Dummy 192.168.203.190

Create Ubuntu VM for Gateway & Instance Dummy

  • Create instance on Openstack

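  • Disable port-security for VM gateway & Instance. Neutron refuses to disable port security while a security group is still attached to the port, so the security groups are removed in the same command. With port security off, Neutron applies no security-group or anti-spoofing filtering to that port.

    openstack port list
    openstack port set --no-security-group --disable-port-security <port_id>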
    
  • Netplan for VM Gateway

    network:
        version: 2
        ethernets:
            ens3:
                dhcp4: true
                mtu: 1500
                # set-name omitted: netplan only accepts it together with a match: block

  • Netplan for Instance

    network:
      version: 2
      ethernets:
        ens3:
          dhcp4: false
          addresses:
            - 192.168.203.190/24
          # default route goes through the VM Gateway
          gateway4: 192.168.203.2
          nameservers:
            addresses:
              - 8.8.8.8
              - 8.8.4.4
          routes:
            # the local segment is still reached via the original gateway
            - to: 192.168.203.0/24
              via: 192.168.203.1
              on-link: true

Set NAT & IPTables on VM Gateway

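# Forward traffic from the internal segment (ens3) out through tun0
sudo iptables -A FORWARD -i ens3 -o tun0 -j ACCEPT
# Accept reply traffic coming back in from tun0
sudo iptables -A FORWARD -i tun0 -o ens3 -m state --state RELATED,ESTABLISHED -j ACCEPT
# Source-NAT the segment behind the tun0 address
sudo iptables -t nat -A POSTROUTING -o tun0 -s 192.168.203.0/24 -j MASQUERADE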

Activate IP Forwarding on VM Gateway

sudo nano /etc/sysctl.conf
# add (or uncomment) this line in the file, then save:
net.ipv4.ip_forward=1
sudo sysctl -p

Test connection from Instance

sudo netplan apply
ping 1.1.1.1
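
To check that the VM Gateway really ended up in the state the steps above describe, this added example (not part of the original gist) audits `iptables-save` output and the `net.ipv4.ip_forward` value against the three rules and the sysctl setting. The function names and the sample ruleset are constructed for illustration; it also reports a FORWARD chain policy of ACCEPT, because in that case the RELATED,ESTABLISHED rule does not restrict anything.

```sh
#!/bin/sh
# Added example: audit a VM Gateway against the settings on this page.
# Live use: sudo iptables-save | audit_gateway "$(sysctl -n net.ipv4.ip_forward)"
LAN_IF=ens3; WAN_IF=tun0; LAN_NET=192.168.203.0/24   # values from the page

# has_rule CHAIN TOKEN...: true if one "-A CHAIN" line in $RULES holds every TOKEN
has_rule() (
    chain=$1; shift
    # Keep only this chain's rules; the added trailing space lets "-i ens3 "
    # match at end of line without also matching "-i ens33".
    out=$(printf '%s\n' "$RULES" | sed -n "s/^-A $chain .*/& /p")
    for tok in "$@"; do
        out=$(printf '%s\n' "$out" | grep -F -- "$tok " || true)
    done
    [ -n "$out" ]
)

# audit_gateway IP_FORWARD_VALUE   (iptables-save output on stdin)
# Prints one line per finding and returns 0 only when there are none.
audit_gateway() (
    RULES=$(cat); n=0
    finding() { echo "$1"; n=$((n + 1)); }
    [ "$1" = 1 ] || finding "MISSING net.ipv4.ip_forward=1"
    has_rule FORWARD "-i $LAN_IF" "-o $WAN_IF" "-j ACCEPT" ||
        finding "MISSING forward rule $LAN_IF -> $WAN_IF"
    has_rule FORWARD "-i $WAN_IF" "-o $LAN_IF" "RELATED,ESTABLISHED" "-j ACCEPT" ||
        finding "MISSING reply rule $WAN_IF -> $LAN_IF"
    has_rule POSTROUTING "-s $LAN_NET" "-o $WAN_IF" "-j MASQUERADE" ||
        finding "MISSING MASQUERADE for $LAN_NET via $WAN_IF"
    # With policy ACCEPT, packets that match no rule are forwarded anyway, so
    # the RELATED,ESTABLISHED rule does not block new connections from tun0.
    printf '%s\n' "$RULES" | grep -q '^:FORWARD ACCEPT' &&
        finding "NOTE FORWARD policy is ACCEPT, the state rule filters nothing"
    [ "$n" -eq 0 ]
)

# Constructed sample in iptables-save format (not captured from a real host).
SAMPLE=':FORWARD ACCEPT [0:0]
-A FORWARD -i ens3 -o tun0 -j ACCEPT
-A FORWARD -i tun0 -o ens3 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A POSTROUTING -s 192.168.203.0/24 -o tun0 -j MASQUERADE'
printf '%s\n' "$SAMPLE" | audit_gateway 1 || echo "review the findings above"
```

The check only reads its input, so it can be run after every reboot; rules added with `iptables -A` are not persistent and will show up as MISSING until they are re-applied.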

Windows Server Case

You can use the same setup for Windows Server and keep 192.168.203.2 as the gateway. But you must first add a route to your remote gateway, like:

route -p add 192.168.203.0 mask 255.255.255.0 192.168.203.1