...
Currently, all configuration is done by the admin only.
The idea is straightforward: ACS already implements comparable L3 services (sourceNat, staticNat, Port Forwarding, ...), and this feature follows the same design.
<uncompleted>
Guest network to outside without NAT
-- routing_rules: one row per routing rule between a source and a destination
-- network, optionally narrowed to a port range or an ICMP type/code.
-- Each rule is owned by an account and a domain; the DDL itself enforces only
-- the NOT NULL columns, the two foreign keys and the uuid uniqueness below.
CREATE TABLE `cloud`.`routing_rules` (
    `id`         BIGINT UNSIGNED NOT NULL AUTO_INCREMENT COMMENT 'id',
    -- Nullable: a MySQL UNIQUE index admits any number of NULLs, so uniqueness
    -- holds only for rows that actually carry a uuid.
    `uuid`       VARCHAR(40),
    -- NOTE(review): value format (CIDR string vs. network identifier) is not
    -- defined here and both columns are nullable; the meaning of a NULL
    -- endpoint should be fixed and validated by the writer -- confirm.
    `src_net`    VARCHAR(40) COMMENT 'source network of this rule',
    `dst_net`    VARCHAR(40) COMMENT 'destination network of this rule',
    -- INT(10) is only a display width: nothing here bounds the ports to
    -- 0-65535 or requires start_port <= end_port, so that check has to be
    -- made before insert.
    `start_port` INT(10) COMMENT 'starting port of a port range',
    `end_port`   INT(10) COMMENT 'end port of a port range',
    -- The set of valid states is not constrained by the schema.
    `state`      CHAR(32) NOT NULL COMMENT 'current state of this rule',
    -- A rule inserted without a protocol silently becomes a TCP rule.
    `protocol`   CHAR(16) NOT NULL DEFAULT 'TCP' COMMENT 'protocol to open these ports for',
    `account_id` BIGINT UNSIGNED NOT NULL COMMENT 'owner id',
    `domain_id`  BIGINT UNSIGNED NOT NULL COMMENT 'domain id',
    `created`    DATETIME COMMENT 'Date created',
    -- presumably a soft-delete marker (NULL while the rule is live) -- verify
    -- that every reader filters on it.
    `removed`    DATETIME COMMENT 'Date removed',
    `icmp_code`  INT(10) COMMENT 'The ICMP code (if protocol=ICMP). A value of -1 means all codes for the given ICMP type.',
    `icmp_type`  INT(10) COMMENT 'The ICMP type (if protocol=ICMP). A value of -1 means all types.',
    PRIMARY KEY (`id`),
    -- ON DELETE CASCADE: physically deleting the owning account or domain row
    -- also deletes its rules from this table, leaving no `removed` timestamp.
    CONSTRAINT `fk_routing_rules__account_id`
        FOREIGN KEY (`account_id`) REFERENCES `account` (`id`) ON DELETE CASCADE,
    CONSTRAINT `fk_routing_rules__domain_id`
        FOREIGN KEY (`domain_id`) REFERENCES `domain` (`id`) ON DELETE CASCADE,
    CONSTRAINT `uc_routing_rules__uuid` UNIQUE (`uuid`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;