  • ntnu-internal - 10.212.24.0/22 - Used for general purpose access to the virtual machines. Accessible from all NTNU networks. Use VPN for external access.

 

Restricting access to an external network

If access to an external network must be limited to specific projects, do the following:

First, find the ID of the external network. Suppose "test-ext" is the network that needs restricted access:

Code Block
$ openstack network list -c Name -c ID
+--------------------------------------+-------------+
| ID                                   | Name        |
+--------------------------------------+-------------+
| 50a80b8c-d06c-4b53-97f2-6c0b9f9a405c | test-ext    |
| ab6cf6f2-b320-4522-99bf-e5ab65c51553 | admin-lan   |
| dfc8c97d-8cf1-4b4a-9d42-f2cd184b4540 | ext-net     |
+--------------------------------------+-------------+
 

Then remove the RBAC rule that allows all projects to access "test-ext". In the list, find the row whose object_id is the ID of the network, and pass the value from that row's id column (the ID of the RBAC rule, not the object_id) to rbac-delete:

Code Block
$ neutron rbac-list
+--------------------------------------+-------------+--------------------------------------+
| id                                   | object_type | object_id                            |
+--------------------------------------+-------------+--------------------------------------+
| c1d8506f-a9a2-4f93-9921-0a8969dac3d8 | network     | 50a80b8c-d06c-4b53-97f2-6c0b9f9a405c |
| e8abdcf5-1bdd-4087-82bf-26dc08bf0fa1 | network     | dfc8c97d-8cf1-4b4a-9d42-f2cd184b4540 |
+--------------------------------------+-------------+--------------------------------------+

$ neutron rbac-delete <rbac rule id>

Create a new RBAC rule for "test-ext" that grants access to the given projects only. You need one RBAC rule per project:

Code Block
$ neutron rbac-create --target-tenant <project id> --action access_as_external --type network <network id>
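
The three steps above as an added dry-run example (not part of the original page): it picks the RBAC rule whose object_id matches the network out of `neutron rbac-list` output and prints the delete and create commands for review. The function names and the two project IDs are constructed for illustration; the table is the sample shown on this page.

```sh
#!/bin/sh
# Added example: dry-run planner for the steps above. It prints the
# commands for review and executes nothing against the cloud.

# Constructed sample input: the `neutron rbac-list` table from this page.
sample_rbac_list() {
cat <<'EOF'
+--------------------------------------+-------------+--------------------------------------+
| id                                   | object_type | object_id                            |
+--------------------------------------+-------------+--------------------------------------+
| c1d8506f-a9a2-4f93-9921-0a8969dac3d8 | network     | 50a80b8c-d06c-4b53-97f2-6c0b9f9a405c |
| e8abdcf5-1bdd-4087-82bf-26dc08bf0fa1 | network     | dfc8c97d-8cf1-4b4a-9d42-f2cd184b4540 |
+--------------------------------------+-------------+--------------------------------------+
EOF
}

# Read an rbac-list table on stdin and print the id of every rule whose
# object_id equals the given network id (border and header rows are skipped).
rbac_ids_for_network() {
  awk -F'|' -v net="$1" '
    NF >= 5 {
      id = $2; type = $3; obj = $4
      gsub(/ /, "", id); gsub(/ /, "", type); gsub(/ /, "", obj)
      if (type == "network" && obj == net) print id
    }'
}

# Accept only hex-and-dash identifiers, so a network or project *name*
# (or an empty argument) never ends up in a generated command.
is_id() { case "$1" in ''|*[!0-9a-f-]*) return 1 ;; esac; }

# Usage: plan_restriction <network id> <project id>...  (rbac-list on stdin)
plan_restriction() {
  [ "$#" -ge 2 ] || { echo "usage: plan_restriction <network id> <project id>..." >&2; return 1; }
  net="$1"; shift
  is_id "$net" || { echo "invalid network id: $net" >&2; return 1; }
  for p in "$@"; do is_id "$p" || { echo "invalid project id: $p" >&2; return 1; }; done
  ids=$(rbac_ids_for_network "$net")
  [ -n "$ids" ] || { echo "no RBAC rule found for network $net" >&2; return 1; }
  for id in $ids; do echo "neutron rbac-delete $id"; done
  for p in "$@"; do
    echo "neutron rbac-create --target-tenant $p --action access_as_external --type network $net"
  done
}

# Demo with the page's "test-ext" network id and two constructed project ids.
sample_rbac_list | plan_restriction 50a80b8c-d06c-4b53-97f2-6c0b9f9a405c \
  0123456789abcdef0123456789abcdef fedcba9876543210fedcba9876543210
```

Against a live cloud, pipe the real `neutron rbac-list` output into `plan_restriction` and run the printed commands once they have been checked.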