Bastillion

Bastillion Container Detail

Getting Started with VNS3 Plugin System

The Bastillion Container is deployed to VNS3 as a plugin using the container system.

Before you begin, familiarize yourself with the VNS3 Plugin Configuration Guide.

What does it do?

The Bastillion Container provides a preinstalled copy of Bastillion (https://github.com/bastillion-io/Bastillion), an open source project which serves a simple web interface for SSH terminal sessions to application hosts.

You can learn more about Bastillion and read their complete documentation at https://www.bastillion.io/docs/index.html

What does it need?

The Bastillion Container requires VNS3 version 5 or newer, as well as connectivity to the host(s) you wish to manage.

Deploying the Bastillion Container

Getting the Container Image

The Linux-based (Ubuntu 20.04) Bastillion Container Image is accessible at the following URL: https://vns3-containers-read-all.s3.amazonaws.com/Bastillion/bastillion.tar.gz

This is a read-only Amazon S3 storage location. Only Cohesive Networks can update or modify files stored in this location.

You do not need to download the file to your local machine; the image URL can be used directly in a VNS3 Controller via the Web UI or API. (Generic walkthrough and help available in the VNS3 Plugin Configuration Guide.)

Uploading the Container Image to the VNS3 Plugin System

From the Container > Images menu item, choose Upload Image.

Provide a name for the image and a short description if you wish.

Enter the Container Image file URL:
https://vns3-containers-read-all.s3.amazonaws.com/Bastillion/bastillion.tar.gz

Click Upload.

Allocating a Container from the Image

Once the image has been imported, the Status column will show Ready.

To launch a container from the image, choose Allocate from the Action menu.

After selecting Allocate, name your container, provide a description (optional), and enter /usr/bin/supervisord as the Command to start the container.

You can allow VNS3 to auto-assign a container network IP, but it is recommended that you choose one manually. Note this address for the next step.

VNS3 Firewall Rules

The Bastillion Container requires that the following firewall rules be added to the VNS3 controller.

Anywhere it appears, replace <container_ip> with the container network IP address noted in the previous step.

# Port forward TCP 8443 to the Bastillion container for the web interface
PREROUTING_CUST -i eth0 -p tcp --dport 8443 -j DNAT --to <container_ip>:8443

# Allow traffic to/from the Bastillion container
FORWARD_CUST -s <container_ip> -j ACCEPT
FORWARD_CUST -d <container_ip> -j ACCEPT

# SNAT for Bastillion container internet and VPC access
POSTROUTING_CUST -o eth0 -s <container_ip> -j MASQUERADE
# SNAT for Bastillion container overlay network access
POSTROUTING_CUST -o tun+ -s <container_ip> -j MASQUERADE
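
As an added example (not part of the Cohesive Networks documentation or of VNS3 itself), the following Python script renders the five rules above for a given container IP and lints a hand-edited rule set before it is entered into the controller, reporting leftover placeholders, addresses that are not the container IP, and missing rules. The address 198.51.100.3, the sample rule set, and the function names are assumptions made for illustration.

```python
import ipaddress
import re

# The five rule templates from this page; <container_ip> is the only placeholder.
RULE_TEMPLATES = [
    "PREROUTING_CUST -i eth0 -p tcp --dport 8443 -j DNAT --to <container_ip>:8443",
    "FORWARD_CUST -s <container_ip> -j ACCEPT",
    "FORWARD_CUST -d <container_ip> -j ACCEPT",
    "POSTROUTING_CUST -o eth0 -s <container_ip> -j MASQUERADE",
    "POSTROUTING_CUST -o tun+ -s <container_ip> -j MASQUERADE",
]
PLACEHOLDER = re.compile(r"<[^<>\n]*>")             # any <...> left in a rule
IPV4 = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")   # dotted-quad literals

# Constructed sample (assumed container IP 198.51.100.3): one mistyped
# address and one placeholder that was never filled in.
SAMPLE_BAD = """\
# Bastillion rules, edited by hand
PREROUTING_CUST -i eth0 -p tcp --dport 8443 -j DNAT --to 198.51.100.3:8443
FORWARD_CUST -s 198.51.100.3 -j ACCEPT
FORWARD_CUST -d 198.51.100.30 -j ACCEPT
POSTROUTING_CUST -o eth0 -s 198.51.100.3 -j MASQUERADE
POSTROUTING_CUST -o tun+ -s <container ip> -j MASQUERADE
"""

def render_rules(container_ip):
    """Fill the templates; raises ValueError if container_ip is not valid IPv4."""
    ip = str(ipaddress.IPv4Address(container_ip))
    return [t.replace("<container_ip>", ip) for t in RULE_TEMPLATES]

def lint_rules(rule_text, container_ip):
    """Return a list of problems in rule_text; an empty list means it is clean."""
    expected = render_rules(container_ip)
    ip = str(ipaddress.IPv4Address(container_ip))
    # Ignore blank lines and comment lines, as in the listing on this page.
    rules = [ln.strip() for ln in rule_text.splitlines()
             if ln.strip() and not ln.lstrip().startswith("#")]
    problems = []
    for n, rule in enumerate(rules, 1):
        problems += [f"rule {n}: unreplaced placeholder {ph}"
                     for ph in PLACEHOLDER.findall(rule)]
        problems += [f"rule {n}: address {a} is not the container IP {ip}"
                     for a in IPV4.findall(rule) if a != ip]
    problems += [f"missing rule: {r}" for r in expected if r not in rules]
    return problems

if __name__ == "__main__":
    for problem in lint_rules(SAMPLE_BAD, "198.51.100.3"):
        print(problem)
```

The missing-rule check compares whole lines, so it assumes the rules are written with the same spacing as on this page.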

Configuring and Using Bastillion

After allocating the container and applying the necessary firewall rules to VNS3, you can reach the Bastillion Web UI on port 8443 of the VNS3 controller, at https://<vns3_controller_address>:8443/

The username is admin, and the default password is changeme.

We recommend that you change this password immediately: the port-forward rule above exposes the login page on TCP 8443 of the controller's eth0 interface.

VNS3’s Plugin Manager (“Containers > Action > Manager”) offers the ability to edit the BastillionConfig.properties file, should you wish to do so. Edits made to that file will require restarting the container or the Bastillion service.

More detailed configuration and usage information can be found here: https://www.bastillion.io/docs/using/basic/

Feel free to reach out to Cohesive Networks support if you have any questions, issues, comments, or concerns.

Export a Container Image

In the event that your VNS3 controller needs to be replaced or upgraded, having a saved copy of your configured Container can be helpful. We recommend creating and downloading an image of your container as part of the deployment process:

From the Containers page in the VNS3 web UI, select Action > Save as Image for your new Container. Once that process is complete, you’ll be brought to the Images page. Select Action > Export on the new image, and provide a name.

Once Exporting is complete, you will have the option to download the image locally.