Unable to use Eucalyptus' iptables-preload feature with UEC
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
eucalyptus (Ubuntu) | New | Low | Unassigned |
Bug Description
We are using the UEC cloud controller on a server that also runs regular KVM servers with libvirt and a bridge interface.
Everything is working more or less as expected; however, UEC configures iptables to use NAT for all traffic that is forwarded, even if it's not for the cloud itself. As a result, when we connect from an outside machine to any of the regular KVM machines, we are always seen as coming from the UEC cloud and KVM host.
That's not a big problem, given that it is easy to solve by adding this rule to iptables on that machine:
    iptables -t nat -A POSTROUTING -d 10.82.0.0/22 -s 10.82.0.0/22 -j ACCEPT
(where 10.82.0.0/22 is our local net). The problem is how to inject it in a way that UEC doesn't drop that rule on boot.
From Eucalyptus documentation (http://
UEC should have a way to put that file in some other persistent place, or a way to inject that file at boot time; either of those solutions would be valid for us.
I forgot to mention that I'm talking about Ubuntu 10.04
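
An added example (not part of the bug report and not Eucalyptus code): a Python check that reads an `iptables-save` dump and reports whether a packet's source address would be rewritten in the nat POSTROUTING chain, which decides whether the KVM guests log the real client address. The dumps are constructed samples; only `-s`/`-d` matches are evaluated, the `! -s` negation form is assumed, and user-defined chains are not followed.

```python
import ipaddress
import shlex

NAT_TARGETS = {"MASQUERADE", "SNAT"}
FINAL_TARGETS = NAT_TARGETS | {"ACCEPT", "RETURN"}  # targets that end traversal

# Constructed iptables-save samples (not captured from a real UEC host).
EXEMPT = "-A POSTROUTING -s 10.82.0.0/22 -d 10.82.0.0/22 -j ACCEPT\n"
BLANKET = "-A POSTROUTING -j MASQUERADE\n"
BLANKET_NAT = "*nat\n" + BLANKET + "COMMIT\n"
EXEMPT_FIRST = "*nat\n" + EXEMPT + BLANKET + "COMMIT\n"
EXEMPT_LAST = "*nat\n" + BLANKET + EXEMPT + "COMMIT\n"

def postrouting_rules(dump):
    """Yield (src, dst, target) per nat POSTROUTING rule, in table order.
    src/dst are (network, negated) tuples, or None if the rule has no such match."""
    in_nat = False
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith("*"):
            in_nat = line == "*nat"
        if not (in_nat and line.startswith("-A POSTROUTING ")):
            continue
        tok = shlex.split(line)
        src = dst = target = None
        for i, t in enumerate(tok[:-1]):
            negated = i > 0 and tok[i - 1] == "!"
            if t == "-s":
                src = (ipaddress.ip_network(tok[i + 1], strict=False), negated)
            elif t == "-d":
                dst = (ipaddress.ip_network(tok[i + 1], strict=False), negated)
            elif t == "-j":
                target = tok[i + 1]
        yield src, dst, target

def _hits(match, addr):
    # A rule without -s/-d matches every address; "!" inverts the test.
    return match is None or ((addr in match[0]) != match[1])

def nat_verdict(dump, src, dst):
    """Target of the first terminating POSTROUTING rule matching src -> dst."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rsrc, rdst, target in postrouting_rules(dump):
        if target in FINAL_TARGETS and _hits(rsrc, s) and _hits(rdst, d):
            return target
    return None  # chain policy applies, no rewrite

def source_is_rewritten(dump, src, dst):
    return nat_verdict(dump, src, dst) in NAT_TARGETS
```

Run against the output of `iptables-save` after each boot, this shows whether the exemption is still present and whether it sits ahead of the NAT rule, since the first matching rule in the chain wins.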