[ubuntu-cloud] Introducing myself and first question
Mirto Silvio Busico
mirtosilvio.busico at fastwebnet.it
Thu Feb 17 08:51:50 UTC 2011
Hello Torsten,
thanks for your timely reply
Il 17/02/2011 08:23, Torsten Spindler ha scritto:
> Hello Mirto,
>
> thanks for providing the additional information!
>
>
> On Wed, 2011-02-16 at 20:09 +0100, Mirto Silvio Busico wrote:
> ...
>> The NC machine is able to ping and ssh the frontend (192.168.1.64) but
>> doesn't reach the client (192.168.1.127 that is also the gateway to
>> reach internet)
>>
>> The path should be: NC (192.168.64.2) --> FrontEnd (eth0
>> 192.168.64.1)--> FrontEnd (eth1 192.168.1.127) --> client (eth0
>> 192.168.1.127) --> client (wlan0 10.94.169.14) -->ISP wireless router
>> (10.94.169.1) --> ISP and Internet
>>
>> On the client routing and maquerading is done with shorewall
> The problem here is that your front-end is trying to serve a dual
> purpose role, one time as UEC front-end, one time as router for the NC.
> According to
> http://open.eucalyptus.com/wiki/EucalyptusNetworkConfiguration_v2.0
> this is not recommended, as Eucalyptus and hence UEC will flush your
> firewall rules from the front-end and apply it's own logic, quoting that
> page:
> "You are not running a firewall on the front end (CC) or your firewall
> is compatible with the dynamic changes performed by Eucalyptus when
> working with security groups. (Note that Eucalyptus will flush the
> 'filter' and 'nat' tables upon boot)."
Very intersting page! I'll study it.
> Though also mentioned on the above page is the ability to add rules to a
> preload file, with which I admit to have no experience:
> "iptables-save > $EUCALYPTUS/var/run/eucalyptus/net/iptables-preload"
>
> Or, in other words, I suspect that UEC's firewall rules on the front-end
> hinder the traffic coming from the NCs and going to your client
> computer. Would it be possible to use a different system as router for
> the NCs? This would be the easiest way to test.
Il try to investigate this evening
> Regards,
> Torsten
>
>
>
Thanks again
Mirto
-------------- next part --------------
A non-text attachment was scrubbed...
Name: mirtosilvio_busico.vcf
Type: text/x-vcard
Size: 284 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/ubuntu-cloud/attachments/20110217/6e0433c4/attachment.vcf>
More information about the Ubuntu-cloud
mailing list