Hello Torsten, thanks for your timely reply Il 17/02/2011 08:23, Torsten Spindler ha scritto: > Hello Mirto, > > thanks for providing the additional information! > > > On Wed, 2011-02-16 at 20:09 +0100, Mirto Silvio Busico wrote: > ... >> The NC machine is able to ping and ssh the frontend (192.168.1.64) but >> doesn't reach the client (192.168.1.127 that is also the gateway to >> reach internet) >> >> The path should be: NC (192.168.64.2) --> FrontEnd (eth0 >> 192.168.64.1)--> FrontEnd (eth1 192.168.1.127) --> client (eth0 >> 192.168.1.127) --> client (wlan0 10.94.169.14) -->ISP wireless router >> (10.94.169.1) --> ISP and Internet >> >> On the client routing and maquerading is done with shorewall > The problem here is that your front-end is trying to serve a dual > purpose role, one time as UEC front-end, one time as router for the NC. > According to > http://open.eucalyptus.com/wiki/EucalyptusNetworkConfiguration_v2.0 > this is not recommended, as Eucalyptus and hence UEC will flush your > firewall rules from the front-end and apply it's own logic, quoting that > page: > "You are not running a firewall on the front end (CC) or your firewall > is compatible with the dynamic changes performed by Eucalyptus when > working with security groups. (Note that Eucalyptus will flush the > 'filter' and 'nat' tables upon boot)." Very intersting page! I'll study it. > Though also mentioned on the above page is the ability to add rules to a > preload file, with which I admit to have no experience: > "iptables-save > $EUCALYPTUS/var/run/eucalyptus/net/iptables-preload" > > Or, in other words, I suspect that UEC's firewall rules on the front-end > hinder the traffic coming from the NCs and going to your client > computer. Would it be possible to use a different system as router for > the NCs? This would be the easiest way to test. Il try to investigate this evening > Regards, > Torsten > > > Thanks again Mirto
<<attachment: mirtosilvio_busico.vcf>>
-- Ubuntu-cloud mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-cloud
