1

I am trying to set up a new UEC Cloud network using Ubuntu UEC 10.10, but I am having some difficulties with the Node Controller setup!

I am working (for the moment) on a small setup, using two computers. The first one, for CLC, CC, Walrus and SC. Second computer to be used as NC.

I am doing a fresh and clean re-installation of everything.

My problem is that the NC does not have any access to the internet after its installation. As if the CC's computer would not do any forwarding from the private network to the public network. I can't finish the setup, I can't update/upgrade the NC. I can't apt-get install ntp.

If the NC can't talk to the internet, I will see the same problem with the instances too. From the NC, the only computer I can ping is the CC, using its private and public address.

Why would the CC block the NC access to internet?

Note that I don't have these problems on Ubuntu 10.04 (using the same hardware), but I really need to be on Ubuntu 10.10.

pallaire

3 Answers

2

Assuming your public IPs are in the network 12.0.0.0 and that your private switch is using the network 192.168.1.0.

You need to enable the communications to get through between the private addresses (ranging from 192.168.1.1 to 192.168.1.254) to all the public addresses (ranging from 12.1.1.1 to 12.254.254.254).

Calling the following command on the CC would do that:

iptables -t nat -I POSTROUTING -s 192.168.1.0/24 -d 12.0.0.0/8 -j MASQUERADE

pcantin

1

Likely you need to add a masquerading rule to iptables to facilitate forwarding packets from your private node network to the WAN/Internet.

Assuming you have a single Cloud Controller and a single Node Controller, the topology implemented is something close to the following:

INTERNET <--> eth0[CloudController]eth1 <--> [Switch] <--> eth0[NodeController]
              192.168.1.100        10.0.0.1                10.0.0.2

Try something like this on the Cloud Controller:

$ sudo /sbin/iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE

This assumes your Cloud Controller's public-facing interface is eth0, and that the Cloud Controller's private-facing interface is eth1 on a 10.0.0.0 network of which the Node Controller is also a member.

If this works, make the rule permanent (you can even simply write it to /etc/rc.local).

Good luck!

SLR-

0

Neither of the other answers here gives a permanent fix. Yes, that does make the nodes be able to access your Internet or other network, which may include making them able to access the Walrus and/or Cloud Controller.

Unfortunately Eucalyptus is notorious for blowing away the nat table and recreating it, making your server forget the MASQ rule. I find I have to run the iptables MASQ rule periodically before starting a new instance or the node can't reach my Walrus to download the image.

  • Would have just done this as a comment, but my score here started as a 1 despite my higher ranking on Stack Exchange since I've never posted on serverfault.
Tony Maro
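
The second answer asks for the rule to be made permanent and the third reports that Eucalyptus rebuilds the nat table and drops it, so the practical fix is an idempotent check that can run from cron. The script below is an added example, not code from any of the posters or from Eucalyptus: it re-adds the MASQUERADE rule only when it is missing, scoped to the private subnet and public interface from the second answer. The variable names IPTABLES, PRIV_NET, PUB_IF and IP_FORWARD_FILE and the --apply flag are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original posts): keep the Cloud Controller's
# MASQUERADE rule in place even if the nat table is flushed and rebuilt.
# Assumed defaults come from the second answer: 10.0.0.0/24 behind eth1,
# eth0 facing the internet. Override via environment if yours differ.
IPTABLES="${IPTABLES:-/sbin/iptables}"
PRIV_NET="${PRIV_NET:-10.0.0.0/24}"
PUB_IF="${PUB_IF:-eth0}"
IP_FORWARD_FILE="${IP_FORWARD_FILE:-/proc/sys/net/ipv4/ip_forward}"

# True when the kernel is routing between interfaces; NAT is useless without it.
forwarding_enabled() {
    [ "$(cat "$IP_FORWARD_FILE" 2>/dev/null)" = "1" ]
}

# True when POSTROUTING already masquerades PRIV_NET out of PUB_IF.
# Matches on the network address only, because iptables versions differ in
# whether they print the mask as /24 or /255.255.255.0.
masq_present() {
    net_addr=${PRIV_NET%/*}
    "$IPTABLES" -t nat -S POSTROUTING 2>/dev/null |
        grep -F -e "-s $net_addr/" |
        grep -F -e "-o $PUB_IF " |
        grep -q -F -e "-j MASQUERADE"
}

# Prints "present" if nothing had to change, "restored" if the rule was re-added.
# Never adds a duplicate, so it is safe to run every minute.
ensure_masq() {
    if masq_present; then
        echo present
    else
        "$IPTABLES" -t nat -A POSTROUTING -s "$PRIV_NET" -o "$PUB_IF" \
            -j MASQUERADE || return 1
        echo restored
    fi
}

# Only touch the firewall when asked to, e.g. from root's crontab:
#   * * * * * /usr/local/sbin/ensure-masq.sh --apply   (path is a placeholder)
case "${1:-}" in
    --apply)
        forwarding_enabled || echo "warning: ip_forward is not 1" >&2
        ensure_masq
        ;;
esac
```

A "restored" result in the cron output also serves as a record of when the nat table was rebuilt.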