** Description changed:

+ ----
+ Impact statement: This bug causes several issues warranting a fix in maverick/lucid
+
+ A) Prevents correct communication between instances (eg icmp-reply from priv IP when pub IP was ping'd)
+ B) Blocks communication to the local instance via its public ip
+ C) Breaks compatibility with EC2
+
+ ----
+
  On EC2, This ping succeeds as would be expected:
  # ping `curl --quite http://169.254.169.254/2008-02-01/meta-data/public-ipv4`

  On UEC, The same ping command fails.

  Additionally on UEC, an instance pinging another instances public IP
  receives echo-reply's from the second instances private IP, rather than
  the public IP ping'd.

  The offending firewall rule (as seen by "iptables -L -t nat -n") is:
  MASQUERADE all -- 172.19.0.0/16 !172.19.0.0/16

  When changed to:
  MASQUERADE all -- 172.19.0.0/16 0.0.0.0/0

  Ping's work as expected (both pings to your "local" public IP, and other
  instances public IPs) - The bug appears to be in net/vnetwork.c L200:

  snprintf(cmd, 256, "-A POSTROUTING -d ! %s/%d -s %s/%d -j MASQUERADE",
  network, slashnet, network, slashnet);

  should be changed to:

  snprintf(cmd, 256, "-A POSTROUTING -s %s/%d -j MASQUERADE", network,
- slashnet, network, slashnet);
+ slashnet);

  Hope this makes sense ;) Its been a *long* 2 days.
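
Review bot: The proposed snprintf in net/vnetwork.c drops the `-d ! %s/%d` match entirely, so the resulting `-A POSTROUTING -s %s/%d -j MASQUERADE` rule matches every destination (0.0.0.0/0 in the listing above), including destinations inside the same network that the original rule excluded. The description should state whether masquerading that intra-network traffic is intended, or whether a narrower match covering only the public-IP hairpin case would do. The corrected argument list (format string with two conversions, two arguments) is consistent; the earlier four-argument version was not. Separately, the ping example uses `curl --quite`, which is not a curl option; `--silent` is probably what was meant.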
--
Hairpin NAT on CC disabled - EC2 inconsistency
https://bugs.launchpad.net/bugs/676167
You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to eucalyptus in ubuntu.
