OK, further testing reveals there are two issues:
* The FORWARD chain is blocking connections from CLC to instance
* The CC doesn't know the way to the metadata service (missing VNET_CLOUDIP)
Defaulting to accept on the FORWARD chain works around the first issue:
sudo iptables -P FORWARD ACCEPT
I can ping karmic instances OK from the CLC.
Adding VNET_CLOUDIP=ip.address.of.clc to the CC's eucalyptus.conf solves the second one.
I can boot a karmic or lucid instance and SSH into it.
More investigation is needed to see why the FORWARD chain isn't set up to accept the packets as it should...
OK, further testing reveals there are two issues:
* The FORWARD chain is blocking connections from CLC to instance
* The CC doesn't know the way to the metadata service (missing VNET_CLOUDIP)
Defaulting to accept on the FORWARD chain works around the first issue:
sudo iptables -P FORWARD ACCEPT
I can ping karmic instances OK from the CLC.
Adding VNET_CLOUDIP= ip.address. of.clc to the CC's eucalyptus.conf solves the second one.
I can boot a karmic or lucid instance and SSH into it.
More investigation is needed to see why the FORWARD chain isn't set up to accept the packets as it should...