Hello all, it seemed that my message lost the body. I'll try to resend.
Mirto

-------- Original Message --------
Subject: [SOLVED] Re: [ubuntu-cloud] Introducing myself and first question
Date: Sun, 20 Feb 2011 18:13:03 +0100
From: Mirto Silvio Busico <[email protected]>
Reply-To: [email protected]
To: [email protected]

On 17/02/2011 09:51, Mirto Silvio Busico wrote:
> Hello Torsten,
> thanks for your timely reply
>
> On 17/02/2011 08:23, Torsten Spindler wrote:
>> Hello Mirto,
>>
>> thanks for providing the additional information!
>>
>>
>> On Wed, 2011-02-16 at 20:09 +0100, Mirto Silvio Busico wrote:
>> ...
>>> The NC machine is able to ping and ssh the frontend (192.168.1.64) but
>>> doesn't reach the client (192.168.1.127 that is also the gateway to
>>> reach internet)
>>>
>>> The path should be: NC (192.168.64.2) --> FrontEnd (eth0
>>> 192.168.64.1) --> FrontEnd (eth1 192.168.1.127) --> client (eth0
>>> 192.168.1.127) --> client (wlan0 10.94.169.14) --> ISP wireless router
>>> (10.94.169.1) --> ISP and Internet
>>>
>>> On the client routing and masquerading is done with shorewall
>> The problem here is that your front-end is trying to serve a dual
>> purpose role, one time as UEC front-end, one time as router for the NC.
>> According to
>> http://open.eucalyptus.com/wiki/EucalyptusNetworkConfiguration_v2.0
>> this is not recommended, as Eucalyptus and hence UEC will flush your
>> firewall rules from the front-end and apply its own logic, quoting that
>> page:
>> "You are not running a firewall on the front end (CC) or your firewall
>> is compatible with the dynamic changes performed by Eucalyptus when
>> working with security groups. (Note that Eucalyptus will flush the
>> 'filter' and 'nat' tables upon boot)."
> Very interesting page! I'll study it.
>> Though also mentioned on the above page is the ability to add rules to a
>> preload file, with which I admit to have no experience:
>> "iptables-save > $EUCALYPTUS/var/run/eucalyptus/net/iptables-preload"
>>
>> Or, in other words, I suspect that UEC's firewall rules on the front-end
>> hinder the traffic coming from the NCs and going to your client
>> computer. Would it be possible to use a different system as router for
>> the NCs? This would be the easiest way to test.
> I'll try to investigate this evening
>> Regards,
>> Torsten
>>
>>
>>
> Thanks again
> Mirto
>

Hello Torsten,

The problem was that the frontend forwards the internal network packets
untouched. So the client receives (on eth0) packets with NC (192.168.64.2)
source.

To solve the problem, I just added, on the client, a route back to the
internal network, through the frontend.

In my configuration

NC (192.168.64.2) --> FrontEnd (eth0 192.168.64.1) --> FrontEnd (eth1
192.168.1.64) --> client (eth0 192.168.1.127) --> client (wlan0
10.94.169.14) --> ISP wireless router (10.94.169.1) --> ISP and Internet

I added to the eth0 client interface:

    up route add -net 192.168.64.0 netmask 255.255.255.0 gw 192.168.1.64

This solved the problem and the NC is able to get software updates from
Internet.

Thanks for the collaboration
Mirto
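
The return-route fix described in the message above, as an added example that is not part of the original e-mail: a longest-prefix-match lookup over the client's routing table, before and after the 192.168.64.0 route is added, showing where a reply to the NC leaves the client. The addresses come from the thread; the /24 prefix lengths on eth0 and wlan0, the table layout and the function names are assumptions.

```python
import ipaddress

def route(prefix, iface, gw=None):
    """Build one routing-table entry: (network, interface, gateway or None)."""
    return (ipaddress.ip_network(prefix), iface, gw)

def lookup(table, dst):
    """Return (interface, gateway) of the most specific route matching dst."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in table if addr in r[0]]
    if not matches:
        return None  # no route to host
    _, iface, gw = max(matches, key=lambda r: r[0].prefixlen)
    return iface, gw

# Constructed client routing table before the fix (prefix lengths assumed).
CLIENT_BEFORE = [
    route("192.168.1.0/24", "eth0"),             # directly connected LAN
    route("10.94.169.0/24", "wlan0"),            # directly connected WLAN
    route("0.0.0.0/0", "wlan0", "10.94.169.1"),  # default via ISP router
]

# After: up route add -net 192.168.64.0 netmask 255.255.255.0 gw 192.168.1.64
CLIENT_AFTER = CLIENT_BEFORE + [
    route("192.168.64.0/24", "eth0", "192.168.1.64"),
]

NC = "192.168.64.2"  # source address the client sees on forwarded packets

def reply_path(table, dst=NC):
    """Describe where the client sends a reply addressed to dst."""
    hit = lookup(table, dst)
    if hit is None:
        return "unreachable"
    iface, gw = hit
    return f"{iface} via {gw or 'direct'}"

if __name__ == "__main__":
    # Before: only the default route matches, so the reply goes out to the ISP.
    print("before:", reply_path(CLIENT_BEFORE))
    # After: the /24 is more specific than 0.0.0.0/0, so the reply goes to the
    # frontend's eth1 address, which forwards it to the NC.
    print("after: ", reply_path(CLIENT_AFTER))
```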
