Hello Mirto, thanks for providing the additional information!
On Wed, 2011-02-16 at 20:09 +0100, Mirto Silvio Busico wrote:
...
> The NC machine is able to ping and ssh the frontend (192.168.1.64) but
> doesn't reach the client (192.168.1.127 that is also the gateway to
> reach internet)
>
> The path should be: NC (192.168.64.2) --> FrontEnd (eth0
> 192.168.64.1)--> FrontEnd (eth1 192.168.1.127) --> client (eth0
> 192.168.1.127) --> client (wlan0 10.94.169.14) -->ISP wireless router
> (10.94.169.1) --> ISP and Internet
>
> On the client routing and masquerading is done with shorewall

The problem here is that your front-end is trying to serve a dual purpose role, one time as UEC front-end, one time as router for the NC.

According to http://open.eucalyptus.com/wiki/EucalyptusNetworkConfiguration_v2.0 this is not recommended, as Eucalyptus and hence UEC will flush your firewall rules from the front-end and apply its own logic, quoting that page:

"You are not running a firewall on the front end (CC) or your firewall is compatible with the dynamic changes performed by Eucalyptus when working with security groups. (Note that Eucalyptus will flush the 'filter' and 'nat' tables upon boot)."

Though also mentioned on the above page is the ability to add rules to a preload file, with which I admit to have no experience:

"iptables-save > $EUCALYPTUS/var/run/eucalyptus/net/iptables-preload"

Or, in other words, I suspect that UEC's firewall rules on the front-end hinder the traffic coming from the NCs and going to your client computer.

Would it be possible to use a different system as router for the NCs? This would be the easiest way to test.

Regards,
Torsten
