| # SOME DESCRIPTIVE TITLE. |
| # Copyright (C) 2016, Apache Software Foundation |
| # This file is distributed under the same license as the Apache CloudStack Administration Documentation package. |
| # FIRST AUTHOR <EMAIL@ADDRESS>, YEAR. |
| # |
| #, fuzzy |
| msgid "" |
| msgstr "" |
| "Project-Id-Version: Apache CloudStack Administration Documentation 4.8\n" |
| "Report-Msgid-Bugs-To: \n" |
| "POT-Creation-Date: 2016-08-22 13:55+0200\n" |
| "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" |
| "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" |
| "Language-Team: LANGUAGE <LL@li.org>\n" |
| "MIME-Version: 1.0\n" |
| "Content-Type: text/plain; charset=UTF-8\n" |
| "Content-Transfer-Encoding: 8bit\n" |
| |
| #: ../../networking/ip_forwarding_and_firewalling.rst:18 |
| msgid "IP Forwarding and Firewalling" |
| msgstr "" |
| |
| #: ../../networking/ip_forwarding_and_firewalling.rst:20 |
| msgid "By default, all incoming traffic to the public IP address is rejected. All outgoing traffic from the guests is also blocked by default." |
| msgstr "" |
| |
| #: ../../networking/ip_forwarding_and_firewalling.rst:23 |
| msgid "To allow outgoing traffic, follow the procedure in :ref:`egress-fw-rules`." |
| msgstr "" |
| |
| #: ../../networking/ip_forwarding_and_firewalling.rst:25 |
| msgid "To allow incoming traffic, users may set up firewall rules and/or port forwarding rules. For example, you can use a firewall rule to open a range of ports on the public IP address, such as 33 through 44. Then use port forwarding rules to direct traffic from individual ports within that range to specific ports on user VMs. For example, one port forwarding rule could route incoming traffic on the public IP's port 33 to port 100 on one user VM's private IP." |
| msgstr "" |
| |
| #: ../../networking/ip_forwarding_and_firewalling.rst:35 |
| msgid "Firewall Rules" |
| msgstr "" |
| |
| #: ../../networking/ip_forwarding_and_firewalling.rst:37 |
| msgid "By default, all incoming traffic to the public IP address is rejected by the firewall. To allow external traffic, you can open firewall ports by specifying firewall rules. You can optionally specify one or more CIDRs to filter the source IPs. This is useful when you want to allow only incoming requests from certain IP addresses." |
| msgstr "" |
| |
| #: ../../networking/ip_forwarding_and_firewalling.rst:43 |
| msgid "You cannot use firewall rules to open ports for an elastic IP address. When elastic IP is used, outside access is instead controlled through the use of security groups. See `\"Adding a Security Group\" <#adding-a-security-group>`_." |
| msgstr "" |
| |
| #: ../../networking/ip_forwarding_and_firewalling.rst:48 |
| msgid "In an advanced zone, you can also create egress firewall rules by using the virtual router. For more information, see \":ref:`egress-fw-rules`\"." |
| msgstr "" |
| |
| #: ../../networking/ip_forwarding_and_firewalling.rst:51 |
| msgid "Firewall rules can be created using the Firewall tab in the Management Server UI. This tab is not displayed by default when CloudStack is installed. To display the Firewall tab, the CloudStack administrator must set the global configuration parameter firewall.rule.ui.enabled to \"true.\"" |
| msgstr "" |
| |
| #: ../../networking/ip_forwarding_and_firewalling.rst:57 |
| msgid "To create a firewall rule:" |
| msgstr "" |
| |
| #: ../../networking/ip_forwarding_and_firewalling.rst:59 |
| #: ../../networking/ip_forwarding_and_firewalling.rst:132 |
| #: ../../networking/ip_forwarding_and_firewalling.rst:245 |
| msgid "Log in to the CloudStack UI as an administrator or end user." |
| msgstr "" |
| |
| #: ../../networking/ip_forwarding_and_firewalling.rst:61 |
| #: ../../networking/ip_forwarding_and_firewalling.rst:134 |
| msgid "In the left navigation, choose Network." |
| msgstr "" |
| |
| #: ../../networking/ip_forwarding_and_firewalling.rst:63 |
| msgid "Click the name of the network where you want to work with." |
| msgstr "" |
| |
| #: ../../networking/ip_forwarding_and_firewalling.rst:65 |
| msgid "Click View IP Addresses." |
| msgstr "" |
| |
| #: ../../networking/ip_forwarding_and_firewalling.rst:67 |
| msgid "Click the IP address you want to work with." |
| msgstr "" |
| |
| #: ../../networking/ip_forwarding_and_firewalling.rst:69 |
| msgid "Click the Configuration tab and fill in the following values." |
| msgstr "" |
| |
| #: ../../networking/ip_forwarding_and_firewalling.rst:71 |
| msgid "**Source CIDR**: (Optional) To accept only traffic from IP addresses within a particular address block, enter a CIDR or a comma-separated list of CIDRs. Example: 192.168.0.0/22. Leave empty to allow all CIDRs." |
| msgstr "" |
| |
| #: ../../networking/ip_forwarding_and_firewalling.rst:76 |
| msgid "**Protocol**: The communication protocol in use on the opened port(s)." |
| msgstr "" |
| |
| #: ../../networking/ip_forwarding_and_firewalling.rst:79 |
| msgid "**Start Port and End Port**: The port(s) you want to open on the firewall. If you are opening a single port, use the same number in both fields" |
| msgstr "" |
| |
| #: ../../networking/ip_forwarding_and_firewalling.rst:83 |
| msgid "**ICMP Type and ICMP Code**: Used only if Protocol is set to ICMP. Provide the type and code required by the ICMP protocol to fill out the ICMP header. Refer to ICMP documentation for more details if you are not sure what to enter" |
| msgstr "" |
| |
| #: ../../networking/ip_forwarding_and_firewalling.rst:88 |
| #: ../../networking/ip_forwarding_and_firewalling.rst:163 |
| #: ../../networking/ip_forwarding_and_firewalling.rst:276 |
| msgid "Click Add." |
| msgstr "" |
| |
| #: ../../networking/ip_forwarding_and_firewalling.rst:94 |
| msgid "Egress Firewall Rules in an Advanced Zone" |
| msgstr "" |
| |
| #: ../../networking/ip_forwarding_and_firewalling.rst:96 |
| msgid "The egress traffic originates from a private network to a public network, such as the Internet. By default, the egress traffic is blocked in default network offerings, so no outgoing traffic is allowed from a guest network to the Internet. However, you can control the egress traffic in an Advanced zone by creating egress firewall rules. When an egress firewall rule is applied, the traffic specific to the rule is allowed and the remaining traffic is blocked. When all the firewall rules are removed the default policy, Block, is applied." |
| msgstr "" |
| |
| #: ../../networking/ip_forwarding_and_firewalling.rst:107 |
| msgid "Prerequisites and Guidelines" |
| msgstr "" |
| |
| #: ../../networking/ip_forwarding_and_firewalling.rst:109 |
| msgid "Consider the following scenarios to apply egress firewall rules:" |
| msgstr "" |
| |
| #: ../../networking/ip_forwarding_and_firewalling.rst:111 |
| msgid "Egress firewall rules are supported on Juniper SRX and virtual router." |
| msgstr "" |
| |
| #: ../../networking/ip_forwarding_and_firewalling.rst:114 |
| msgid "The egress firewall rules are not supported on shared networks." |
| msgstr "" |
| |
| #: ../../networking/ip_forwarding_and_firewalling.rst:116 |
| msgid "Allow the egress traffic from specified source CIDR. The Source CIDR is part of guest network CIDR." |
| msgstr "" |
| |
| #: ../../networking/ip_forwarding_and_firewalling.rst:119 |
| msgid "Allow the egress traffic with protocol TCP,UDP,ICMP, or ALL." |
| msgstr "" |
| |
| #: ../../networking/ip_forwarding_and_firewalling.rst:121 |
| msgid "Allow the egress traffic with protocol and destination port range. The port range is specified for TCP, UDP or for ICMP type and code." |
| msgstr "" |
| |
| #: ../../networking/ip_forwarding_and_firewalling.rst:124 |
| msgid "The default policy is Allow for the new network offerings, whereas on upgrade existing network offerings with firewall service providers will have the default egress policy Deny." |
| msgstr "" |
| |
| #: ../../networking/ip_forwarding_and_firewalling.rst:130 |
| msgid "Configuring an Egress Firewall Rule" |
| msgstr "" |
| |
| #: ../../networking/ip_forwarding_and_firewalling.rst:136 |
| msgid "In Select view, choose Guest networks, then click the Guest network you want." |
| msgstr "" |
| |
| #: ../../networking/ip_forwarding_and_firewalling.rst:139 |
| msgid "To add an egress rule, click the Egress rules tab and fill out the following fields to specify what type of traffic is allowed to be sent out of VM instances in this guest network:" |
| msgstr "" |
| |
| #: ../../networking/ip_forwarding_and_firewalling.rst:143 |
| msgid "|egress-firewall-rule.png|" |
| msgstr "" |
| |
| #: ../../networking/ip_forwarding_and_firewalling.rst:145 |
| msgid "**CIDR**: (Add by CIDR only) To send traffic only to the IP addresses within a particular address block, enter a CIDR or a comma-separated list of CIDRs. The CIDR is the base IP address of the destination. For example, 192.168.0.0/22. To allow all CIDRs, set to 0.0.0.0/0." |
| msgstr "" |
| |
| #: ../../networking/ip_forwarding_and_firewalling.rst:151 |
| msgid "**Protocol**: The networking protocol that VMs uses to send outgoing traffic. The TCP and UDP protocols are typically used for data exchange and end-user communications. The ICMP protocol is typically used to send error messages or network monitoring data." |
| msgstr "" |
| |
| #: ../../networking/ip_forwarding_and_firewalling.rst:156 |
| msgid "**Start Port, End Port**: (TCP, UDP only) A range of listening ports that are the destination for the outgoing traffic. If you are opening a single port, use the same number in both fields." |
| msgstr "" |
| |
| #: ../../networking/ip_forwarding_and_firewalling.rst:160 |
| msgid "**ICMP Type, ICMP Code**: (ICMP only) The type of message and error code that are sent." |
| msgstr "" |
| |
| #: ../../networking/ip_forwarding_and_firewalling.rst:167 |
| msgid "Configuring the Default Egress Policy" |
| msgstr "" |
| |
| #: ../../networking/ip_forwarding_and_firewalling.rst:169 |
| msgid "The default egress policy for Isolated guest network is configured by using Network offering. Use the create network offering option to determine whether the default policy should be block or allow all the traffic to the public network from a guest network. Use this network offering to create the network. If no policy is specified, by default all the traffic is allowed from the guest network that you create by using this network offering." |
| msgstr "" |
| |
| #: ../../networking/ip_forwarding_and_firewalling.rst:177 |
| msgid "You have two options: Allow and Deny." |
| msgstr "" |
| |
| #: ../../networking/ip_forwarding_and_firewalling.rst:180 |
| msgid "Allow" |
| msgstr "" |
| |
| #: ../../networking/ip_forwarding_and_firewalling.rst:182 |
| msgid "If you select Allow for a network offering, by default egress traffic is allowed. However, when an egress rule is configured for a guest network, rules are applied to block the specified traffic and rest are allowed. If no egress rules are configured for the network, egress traffic is accepted." |
| msgstr "" |
| |
| #: ../../networking/ip_forwarding_and_firewalling.rst:189 |
| msgid "Deny" |
| msgstr "" |
| |
| #: ../../networking/ip_forwarding_and_firewalling.rst:191 |
| msgid "If you select Deny for a network offering, by default egress traffic for the guest network is blocked. However, when an egress rules is configured for a guest network, rules are applied to allow the specified traffic. While implementing a guest network, CloudStack adds the firewall egress rule specific to the default egress policy for the guest network." |
| msgstr "" |
| |
| #: ../../networking/ip_forwarding_and_firewalling.rst:198 |
| msgid "This feature is supported only on virtual router and Juniper SRX." |
| msgstr "" |
| |
| #: ../../networking/ip_forwarding_and_firewalling.rst:200 |
| msgid "Create a network offering with your desirable default egress policy:" |
| msgstr "" |
| |
| #: ../../networking/ip_forwarding_and_firewalling.rst:202 |
| msgid "Log in with admin privileges to the CloudStack UI." |
| msgstr "" |
| |
| #: ../../networking/ip_forwarding_and_firewalling.rst:204 |
| msgid "In the left navigation bar, click Service Offerings." |
| msgstr "" |
| |
| #: ../../networking/ip_forwarding_and_firewalling.rst:206 |
| msgid "In Select Offering, choose Network Offering." |
| msgstr "" |
| |
| #: ../../networking/ip_forwarding_and_firewalling.rst:208 |
| msgid "Click Add Network Offering." |
| msgstr "" |
| |
| #: ../../networking/ip_forwarding_and_firewalling.rst:210 |
| msgid "In the dialog, make necessary choices, including firewall provider." |
| msgstr "" |
| |
| #: ../../networking/ip_forwarding_and_firewalling.rst:213 |
| msgid "In the Default egress policy field, specify the behaviour." |
| msgstr "" |
| |
| #: ../../networking/ip_forwarding_and_firewalling.rst:215 |
| msgid "Click OK." |
| msgstr "" |
| |
| #: ../../networking/ip_forwarding_and_firewalling.rst:217 |
| msgid "Create an isolated network by using this network offering." |
| msgstr "" |
| |
| #: ../../networking/ip_forwarding_and_firewalling.rst:219 |
| msgid "Based on your selection, the network will have the egress public traffic blocked or allowed." |
| msgstr "" |
| |
| #: ../../networking/ip_forwarding_and_firewalling.rst:224 |
| msgid "Port Forwarding" |
| msgstr "" |
| |
| #: ../../networking/ip_forwarding_and_firewalling.rst:226 |
| msgid "A port forward service is a set of port forwarding rules that define a policy. A port forward service is then applied to one or more guest VMs. The guest VM then has its inbound network access managed according to the policy defined by the port forwarding service. You can optionally specify one or more CIDRs to filter the source IPs. This is useful when you want to allow only incoming requests from certain IP addresses to be forwarded." |
| msgstr "" |
| |
| #: ../../networking/ip_forwarding_and_firewalling.rst:234 |
| msgid "A guest VM can be in any number of port forward services. Port forward services can be defined but have no members. If a guest VM is part of more than one network, port forwarding rules will function only if they are defined on the default network" |
| msgstr "" |
| |
| #: ../../networking/ip_forwarding_and_firewalling.rst:239 |
| msgid "You cannot use port forwarding to open ports for an elastic IP address. When elastic IP is used, outside access is instead controlled through the use of security groups. See Security Groups." |
| msgstr "" |
| |
| #: ../../networking/ip_forwarding_and_firewalling.rst:243 |
| msgid "To set up port forwarding:" |
| msgstr "" |
| |
| #: ../../networking/ip_forwarding_and_firewalling.rst:247 |
| msgid "If you have not already done so, add a public IP address range to a zone in CloudStack. See Adding a Zone and Pod in the Installation Guide." |
| msgstr "" |
| |
| #: ../../networking/ip_forwarding_and_firewalling.rst:251 |
| msgid "Add one or more VM instances to CloudStack." |
| msgstr "" |
| |
| #: ../../networking/ip_forwarding_and_firewalling.rst:253 |
| msgid "In the left navigation bar, click Network." |
| msgstr "" |
| |
| #: ../../networking/ip_forwarding_and_firewalling.rst:255 |
| msgid "Click the name of the guest network where the VMs are running." |
| msgstr "" |
| |
| #: ../../networking/ip_forwarding_and_firewalling.rst:257 |
| msgid "Choose an existing IP address or acquire a new IP address. See `\"Acquiring a New IP Address\" <#acquiring-a-new-ip-address>`_. Click the name of the IP address in the list." |
| msgstr "" |
| |
| #: ../../networking/ip_forwarding_and_firewalling.rst:261 |
| msgid "Click the Configuration tab." |
| msgstr "" |
| |
| #: ../../networking/ip_forwarding_and_firewalling.rst:263 |
| msgid "In the Port Forwarding node of the diagram, click View All." |
| msgstr "" |
| |
| #: ../../networking/ip_forwarding_and_firewalling.rst:265 |
| msgid "Fill in the following:" |
| msgstr "" |
| |
| #: ../../networking/ip_forwarding_and_firewalling.rst:267 |
| msgid "**Public Port**: The port to which public traffic will be addressed on the IP address you acquired in the previous step." |
| msgstr "" |
| |
| #: ../../networking/ip_forwarding_and_firewalling.rst:270 |
| msgid "**Private Port**: The port on which the instance is listening for forwarded public traffic." |
| msgstr "" |
| |
| #: ../../networking/ip_forwarding_and_firewalling.rst:273 |
| msgid "**Protocol**: The communication protocol in use between the two ports" |
| msgstr "" |
| |
