Version 6 (modified by ibaldin, 8 years ago)


Using Shorewall DNAT proxy with ORCA


Support for Shorewall DNAT proxy is integrated into ORCA's EC2 handler that operates on Eucalyptus/NEuca installations. All configuration parameters are located in the file. Parts of that file relevant to Shorewall proxy are shown below.

Proxy configuration (Camano 3.0+)

The handler support configuring a proxy for the created instance for situations when instances are created within a private address space separated from the public Internet. Currently SHOREWALL-DNAT proxy is supported. The following properties are used by the handler (specified in, see NEuca handler):

  • Whether proxy should be used at all (true|false)
  • The type of proxy (currently supported types: 'SHOREWALL-DNAT')
  • IP address of proxy host
  • Username on the proxy authorized to make configuration changes
  • Filename containing private SSH key of the authorized user (absolute path)
  • Path to shorewall scripts on proxy

Fore more details see NEuca handler and NEuca handler testing.


Shorewall DNAT proxy output is returned by ORCA in unit.manage.ip and unit.manage.port properties returned to the user.