If I have an OpenStack VM which has a floating IP address configured and tries to connect to a service outside the OpenStack "universe", how do I ensure that the source IP address of this connection is the floating IP address of this VM? The background of this question is that we have restrictive firewall rules (sure) and only want to allow egress traffic from the VM (i.e. a Jenkins which builds software and wants to distribute it directly to an outbound service via SSH) to external machines.
In networking terms this seems not to be possible, because on the VM I have no network interface which is connected to the network that the floating IP belongs to, and therefore I don't have a dedicated route via the default router of the floating IP to the external network. I can't take the (fixed) IP address of the VM because these IP addresses are invisible and private to the outside world. We use SNAT on the routers to go outside. The problem is that all VMs take the same router to connect to the outside, so the source IP address would be the same for all VMs. But I need a different source IP address to be able to implement firewall rules.
I hope I could explain my problem sufficiently.